General
Target: ffa41de9394c54c03f5542aeeea435a676c281cf2f59eb4f4e2a580011c21bca
Size: 626KB
Sample: 220520-3gywfaghc9
MD5: abc6fe2d10e70f9ba7435cd29c06a2af
SHA1: 2d3a2f75a03b56ff20f456ea6a97a3fd0307ac21
SHA256: ffa41de9394c54c03f5542aeeea435a676c281cf2f59eb4f4e2a580011c21bca
SHA512: ac0905ac330d2f937fafbc7bd672ea0f95a3a392ad7a21fcc75100bee2695ca92e55ef7e026fd78c1a33f7115e8c1b5b69f7100c117d0b3e21b08d54be2412c0
Static task: static1
Behavioral task: behavioral1
Sample: NEW ORDER..inv.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: NEW ORDER..inv.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: Iqb*)yC2
Targets
Target: NEW ORDER..inv.exe
Size: 794KB
MD5: 09110d6067e758a651e6bad7f867678a
SHA1: 99824123e1b8efabdfa85f8c22857fd0727059cb
SHA256: 221f5da25d402be75cc7e28bb3edc241f293284d28fd4f37d0bf88213de4456f
SHA512: 0e1a9bfdef21b3874fe53965dc3efc660d02001e0cd5913ef8ceff264efab3a2660a5f76bce20c30d86d8d5ae3117e2d36f087177aebed601877519c88234c88
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext