General
Target: 500dd1dca55fe496890f2ece67c3a76b682edb01dbb3ce745a28f1dc9bf0cc82
Size: 399KB
Sample: 220520-3ct2pagfd4
MD5: eda5f6e12545e18ce635a6693fe714e0
SHA1: 4e8989c250ebd0089cbe8f583d0712f71e51e32e
SHA256: 500dd1dca55fe496890f2ece67c3a76b682edb01dbb3ce745a28f1dc9bf0cc82
SHA512: 5fd594eb95f0c2047b3c13275466092356a728414ae4b9b63e6e61bf8218f79064147ad67148d4136f67627df9df59964cdc352dc5457646af857bea855a0449
Static task: static1
Behavioral task: behavioral1
  Sample: TT copy.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: TT copy.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.ociii.net
Port: 587
Username: [email protected]
Password: yearofblockmoney5024
Targets
Target: TT copy.exe
Size: 438KB
MD5: 88b0042ee1c7aec435ab5540b1d52799
SHA1: 1f3f14dce8acdb7c1f9d49cf06db7738c37b53f1
SHA256: 8736ffe12cdc4791e4c340a1da9f52025faea789d2a6f75bda4e24e2a7ff5be8
SHA512: 23767c71a8e753ca0aa9732ab500859b77d726ff246c6554ed041e0e9be84f7722c2fd779ec94fa11b59a07b7bc3b26ff4ebb64833f99288d21e8882a23bc787
Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext