General
Target: e5dad8e36007773b4adbafbaa9454e18188cc8fc19efbaa1ecf6280b9588c307
Size: 660KB
Sample: 220520-3msllshbe8
MD5: 7304d101ad4c1d94261b5aee35ceb8fc
SHA1: d444d11ccdbf6ceb8bc642ab293ef242ad3ae2bf
SHA256: e5dad8e36007773b4adbafbaa9454e18188cc8fc19efbaa1ecf6280b9588c307
SHA512: bf43d6e73177e93c9b998df3fa0340781a31cc6e9a9bd69d86d0f4b7e3643c0a3e2a8fd8f54800c214e9e460c4f22f9eb4330b5b82b4990983d889949f9cdbe9
Static task: static1
Behavioral task: behavioral1 (Sample: PO.exe, Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: PO.exe, Resource: win10v2004-20220414-en)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.israelagroconsultant.com
Port: 587
Username: [email protected]
Password: israelagro@123
Targets
Target: PO.exe
Size: 1.3MB
MD5: 911cfe476937e7f4aad553bc0814e802
SHA1: 0e8b839716a75991db3f26c5c768059f1aaff27e
SHA256: b65f542c74ced21ba853b4840f0cfad311027e518b1c3925bd530a2da424293c
SHA512: 024749dbe0672625ced0f2e9b2039ba20d4b6f9ef4d5342678773b309e340f93769f081962fece7b2eed4774b0e1869801e0e773a353949c073a89b1d28da1ad
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Drops file in Drivers directory
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext