General
- Target: 07da65861da3856029dfd17c4e671b3f004fcb7cf9bc638113da0f2d795d3adf
- Size: 405KB
- Sample: 220520-3d24pagga8
- MD5: 5327454c14756256abfd50c80ce7ac04
- SHA1: 552b3ff3a7fb7ca3880882af83f13a77972f2b6f
- SHA256: 07da65861da3856029dfd17c4e671b3f004fcb7cf9bc638113da0f2d795d3adf
- SHA512: 27982aa6d17805dd493a8c97bdfe0c46cc4f0babc78878c6321f186ef56a9334898a882e1b6a4651bcf82d8e11d0c8c56ea042ad263278ac5a0b209ec3300c08
Static task
- static1

Behavioral task
- behavioral1
  - Sample: j5C4kIKEckYxsyY.exe
  - Resource: win7-20220414-en

Behavioral task
- behavioral2
  - Sample: j5C4kIKEckYxsyY.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.mail.com
- Port: 587
- Username: [email protected]
- Password: UCHE1234567
Targets
- Target: j5C4kIKEckYxsyY.exe
- Size: 443KB
- MD5: d47336bd0ebdb274f5eaa7821c6f808b
- SHA1: d728de453737a1fdac5d1c2e5682477366b25089
- SHA256: abfab2713c15881c249a3779e3c51a32b173c1e899b4a4923399d865fa68ec03
- SHA512: 779e0a0a7dfb5d9aab5e3a06021b603f0d3df2f30240ef01c1eb023f2c2013dee30e7005ad4709994a7257c3c60c5a09916049ae2e73c3782d881bc994b745c7
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely used as a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext