General
- Target: 4d7ab9269873230761c581e689fbf2a2c2ee27b0417f7d2dc744aba3ae026baa
- Size: 419KB
- Sample: 220520-3cwwaabfaq
- MD5: 2a4878796dafc9e089d494655e3e00c1
- SHA1: fa270fa2fda225ff3171b8ab30cdd20cbb2e08f0
- SHA256: 4d7ab9269873230761c581e689fbf2a2c2ee27b0417f7d2dc744aba3ae026baa
- SHA512: 805759e6be08bf142d31e05be2329fedc369abff52d5c39041f3eb2b00d8836752922b9c306abb3251a8ee9ed9efb6c2f68bb59c8b752fe57ef171fd25d2f058
Static task: static1
Behavioral task: behavioral1
- Sample: PURCHASE ORDER COPY.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: PURCHASE ORDER COPY.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.taiemerica.com
- Port: 587
- Username: [email protected]
- Password: JuCbr%o3
Targets
- Target: PURCHASE ORDER COPY.exe
- Size: 485KB
- MD5: 6927d6f3b944792f8ded8a5573f146e1
- SHA1: 8e8a2d6d76e266a63740fea720ee9dd8ae637a2e
- SHA256: 61252e269429d13733b530dc84094e7dacd56cbf157959314d4dd6029c6ff531
- SHA512: ef87ab3434580e479c9b022bdc6a5e2f9ba2b4ea1786e94ef398d1918b14586bc8341f501c00d762ba5ab44d84c7e5d2bf55aab86fc67d7cca23ddd27b304f92
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext