General
Target: eab82ea11de4993fea8e345fb87597592121fdb60f73c6d578b37b712364cfd4
Size: 424KB
Sample: 220520-3l5jsacaeq
MD5: b87ff657bde3255d3eeac26e7f2f11c1
SHA1: 5b6a29ca5528da250c80554f4162d1d1c76cf73d
SHA256: eab82ea11de4993fea8e345fb87597592121fdb60f73c6d578b37b712364cfd4
SHA512: c8e8bb6a966edf308c39f5272979ab322055be42c6ed53ab70d7917d02dd7a37c72f9ed0993f5c453de7b65caa63795113c35683325b492b685392b338a8370b
Static task: static1
Behavioral task: behavioral1
  Sample: Client Balance Payment For May 2020.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Client Balance Payment For May 2020.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
  Protocol: smtp
  Host: mail.almushrefcoop.com
  Port: 587
  Username: [email protected]
  Password: zainab123
Extracted
  Family: agenttesla
  Protocol: smtp
  Host: mail.almushrefcoop.com
  Port: 587
  Username: [email protected]
  Password: zainab123
Targets
Target: Client Balance Payment For May 2020.exe
Size: 634KB
MD5: c6603658b741087d4102daf507299972
SHA1: 333926e746e769624dcb1d2bf8fde751aa9c00fa
SHA256: e7d122486a566fba3c38b1b542c77d33550c62e82e51d1cfac21d08c9eac4a33
SHA512: 783863a858d8fb665aa2a72f03ddb28fec2e1394e0fea11cf1f3ae33c19399a689562c0541900b7c6742b8e5911dcc41f7f7752c8cf961f43d9d86a9e990ed4a
Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext