General

Target: fd82f122aa8f51076bde16ea95069a38421af13c65f760bd0fb2b69313a4eedc
Size: 333KB
Sample: 220520-3hd8esbhal
MD5: 86af481e68905a23f381a20d4f3c71ca
SHA1: e914063d8d839df3047ab77234fba2c7066c377e
SHA256: fd82f122aa8f51076bde16ea95069a38421af13c65f760bd0fb2b69313a4eedc
SHA512: e7f9e38d2015e4a0ba9f120b56c1d7a0fb12760e0d789b8fe1f3d75ed9c8193b1e9e559938b424115e93abeb1c501c8b59fb5124b52c115ecbd3d4737569754f
Tasks

Static task: static1
Behavioral task: behavioral1 (Sample: Catalog.exe, Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: Catalog.exe, Resource: win10v2004-20220414-en)
Malware Config

Extracted (family: agenttesla)
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: K$pbkEK0
Targets

Target: Catalog.exe
Size: 432KB
MD5: 7d7aae060d553d8ae3a48a6a1e7dbddb
SHA1: 44ab5e2b2e0f870e592e7cb1026ba9cb2c2a451f
SHA256: 2a2a628e23fa234e422aa5edcb6718f54e5caa2822ee10950a30619d9e9b0534
SHA512: 7f7bfec03fa197ba78ab4b1f42090409224aede7abe321fac52f98207be7dfca46c32a8c081e0d84dfa91e93897c4adabc543c52cac61a352c98a3174f155b12
Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext