General
Target: fcf31be14d0007f335294f688feba4e45c9b7d212459da669152c77089d92691
Size: 559KB
Sample: 220520-3hfq9abhan
MD5: 0653f28b57469d1e40b7d1afec581f49
SHA1: e9475d62ecde4ed9bf5c4196226c036453d64e53
SHA256: fcf31be14d0007f335294f688feba4e45c9b7d212459da669152c77089d92691
SHA512: b3f0893e293a2c3a20d75c51bbf505493d6af851a9d762fe68ee57130e01503f064946c449f8dd3297ca889166c2d68f5e7ed5091a2d9327db70629e22374fa1
Static task: static1
Behavioral task: behavioral1
  Sample: P O...exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: P O...exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.mystboutiquehotel.com
  Port: 587
  Username: [email protected]
  Password: 1Ie0S;gWe&A$
Targets
Target: P O...exe
Size: 767KB
MD5: 7975341af15024607c1512e7077928eb
SHA1: 7cc913766310a1a602e9b8583be46034b7d4088e
SHA256: d01a29e75349476aff8d7a7402ca869c61e07a42215a99d07fbbec151f70f287
SHA512: b6229ae47d801aea87802d1068d67b841c78ca1ea2b55e440a7553c2b5d28bf47a8bdfc689ff3e7d4c651818b386e6fd71a97f616bdd5d3d19c3f2670dfa820f
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext