General
-
Target
f0cc1f9ae35526e82f7e450365cc6bdf1e8c11d1d75540b228932d527428be1d
-
Size
1.2MB
-
Sample
220520-3k3zkahah4
-
MD5
b183485a5cccefd740941092579c51a9
-
SHA1
1a528f0bca6d5420fd527cbc1ff479ca43cdf803
-
SHA256
f0cc1f9ae35526e82f7e450365cc6bdf1e8c11d1d75540b228932d527428be1d
-
SHA512
4c87683589f89ca1d81bed48cf49149686cdfb7a9120396961657ed619aefa9d6b8d95bb7a3043f68ee0f8ba61656d2b1d7e70e9888e68436db1d176644e7f63
Static task
static1
Behavioral task
behavioral1
Sample
TRANSFER.scr
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
TRANSFER.scr
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.northwestpowdercoating.co.uk
Port: 587
Username: [email protected]
Password: C^0z.^LxykTW
Targets
-
-
Target
TRANSFER.SCR
-
Size
708KB
-
MD5
fc6d14669988bc5bad68feacabe0c48e
-
SHA1
33ca62fd01994e697dd2aa639c630fc13e04fc8b
-
SHA256
fce01fb0c77c4ef7fe37e5bb920e7098a11f4569a8cd3b3056de57ead5667881
-
SHA512
c719555bf75928681b1f39c17c730473eaa6ead1c302876e0e15ae9f201a98f79e5d5e0ea7adb38d23e061a3496bc000ee5a9c007f51c3b7c13865c0cc74b749
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-