General
- Target: fcd76be54e0e1491dafca9479963dd703cc32650389295a69204ba5cfed8c1d4
- Size: 636KB
- Sample: 220520-3hgzbabhaq
- MD5: 0e994a51b2287523cffcf9c79843c44a
- SHA1: 522a1327cf9cca90198ae48549b5c1579f4c9377
- SHA256: fcd76be54e0e1491dafca9479963dd703cc32650389295a69204ba5cfed8c1d4
- SHA512: 30224adfe2ea3265c2ad99611a346702b11eeec44f446daed4952d590ab115bbff7981f7d51d7a4e2e678d2f17f56326269dd18ea17bf3f3f1fca55c869a438d
Static task: static1
Behavioral task: behavioral1
- Sample: [C38226] #TD JMMasuda_Mfg.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: [C38226] #TD JMMasuda_Mfg.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.justrghtinc.com
- Port: 587
- Username: [email protected]
- Password: h~pd6Qw0}z+Y
Targets
- Target: [C38226] #TD JMMasuda_Mfg.exe
- Size: 575KB
- MD5: 5c3ebfee342ed55ad799a2498264bb74
- SHA1: 4d34d2ed85495eacf1c212efc42f1416ab1ab3fe
- SHA256: cec63a7a18270b5f0115e58279c986e20fb5b2fb16ea1d2c4b57849d0456b827
- SHA512: b3e91bf448942cd096cf66afd88be1c30b71d9f6d5ea02c9768adcddb7188b48923cfe08bfae02374c4ccc34cb44223672ff97a3b0f94ce88f81fd02b767a879
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext