General
Target: 1e563d901aa6b667910fdadfe12bd13e3e7e8eab6b1ab78becf18cc906699b2e
Size: 424KB
Sample: 220520-3dqqnagfh6
MD5: cfaa95194405600fe01e54444582a7f7
SHA1: e62418ab2e414b492af760ae41119882050a27a0
SHA256: 1e563d901aa6b667910fdadfe12bd13e3e7e8eab6b1ab78becf18cc906699b2e
SHA512: 1f4869b3ac8ecd3af5d9ad911065c20e72fdeea0b79a7273f3c0970c01e73235e255f65849c7e5cf5d21e063e76892ab8f45d8280e210abcdff5fcaa4e2b4fc5
Static task: static1
Behavioral task: behavioral1
  Sample: ACCOUNT STATEMENT.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: ACCOUNT STATEMENT.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.rezuit.pro
Port: 587
Username: [email protected]
Password: chukwuma22
Targets
Target: ACCOUNT STATEMENT.exe
Size: 581KB
MD5: eb428db8ca4d305e7f76c47ed02303cb
SHA1: 0b3aaeb40fe15f793e2827d58d60c8a40dc4ad6b
SHA256: 2cfe1844342a95aa0891efacedad05182cace9dcb728d81566d38989d4857e13
SHA512: 516fc3492df3c3ee5b1a553a59e2c0a65ca73a270e6dbeb1b971d545aee0adfc01f99f6b3ff257038d6ee16ef5b45a8e1ef8ae0d526f8f26f381428ab9e81813
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext