General
Target: 244c818dcc9fbd27b5ccb02030674adeb746f14c77fe40015f985544e93e043f
Size: 447KB
Sample: 220520-3dk56sgfg7
MD5: 6f054dd36d9cf4fe61734f89083fd774
SHA1: c6ed7f4ef658dc26034e80ebb081a9ae711f40a3
SHA256: 244c818dcc9fbd27b5ccb02030674adeb746f14c77fe40015f985544e93e043f
SHA512: 5434c3843da650bbb6a85ed6742fdb359de4b041d824b03e89e4e6b0a4e51ce69dbe75b58a00e15bfa7774757eebf2c09a620f67ecae1a2688fddb42afb96dbc
Static task: static1
Behavioral task: behavioral1
Sample: PO-0566978HD768-Order_Quotation,xlxs.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PO-0566978HD768-Order_Quotation,xlxs.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: poundsboy24
Targets
Target: PO-0566978HD768-Order_Quotation,xlxs.exe
Size: 495KB
MD5: 2210f2d0cd35799e52e48fca84ba4454
SHA1: 15e4e59e73d0aa521d94712bb67c71f036f65c6f
SHA256: 63f3c0c57169df7444e25fcfcc6626bc14d6e85dea12a1b6bb137e780f71cbb5
SHA512: 97a419a59677e272504ee4feba0a43f0fa7e20a996a10cad4f5dd9b6245497e346be4c90e7e62614b9fcee1eb6f9aa34980d4814bce21a500d20fec1a0cce687
- AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext