General
-
Target
a948c3fb252ee14db710de435d1dc5f88d0923e6e4eb20fade67aaf5e2e425ac
-
Size
1.4MB
-
Sample
220520-3k1t7shag8
-
MD5
eca512d5289783f13b346958c0bca5d9
-
SHA1
061f5375c5edd832c9d6e9dcfa0a8733e1295dd0
-
SHA256
a948c3fb252ee14db710de435d1dc5f88d0923e6e4eb20fade67aaf5e2e425ac
-
SHA512
20dc0f2ef11432cf63350b182f01c668d206a583473643932e4d2656f8f9f1932385bf14abed862e26ccb3f3919a703aeb562cea4d490cd877ed052d88c307f7
Static task
static1
Behavioral task
behavioral1
Sample
a948c3fb252ee14db710de435d1dc5f88d0923e6e4eb20fade67aaf5e2e425ac.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
a948c3fb252ee14db710de435d1dc5f88d0923e6e4eb20fade67aaf5e2e425ac.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
chisom6474
Targets
-
-
Target
a948c3fb252ee14db710de435d1dc5f88d0923e6e4eb20fade67aaf5e2e425ac
-
Size
1.4MB
-
MD5
eca512d5289783f13b346958c0bca5d9
-
SHA1
061f5375c5edd832c9d6e9dcfa0a8733e1295dd0
-
SHA256
a948c3fb252ee14db710de435d1dc5f88d0923e6e4eb20fade67aaf5e2e425ac
-
SHA512
20dc0f2ef11432cf63350b182f01c668d206a583473643932e4d2656f8f9f1932385bf14abed862e26ccb3f3919a703aeb562cea4d490cd877ed052d88c307f7
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-