General
Target: e17c43656bb2adc94e662d44f81ed72e9b563bc50876fa1da4dce47b1a8e7634
Size: 597KB
Sample: 220520-3nlvfshbh9
MD5: 4537a80c325b5a0023d0f4aae1cf6f1a
SHA1: 5057dbf3e75275def37f4cb20beca00a777d61db
SHA256: e17c43656bb2adc94e662d44f81ed72e9b563bc50876fa1da4dce47b1a8e7634
SHA512: 20ff27f6bba25d002a92041a3acb8f484a91a81d87561d15dfab788279b64fbc88e50ecc2e632cb5dfd4edb8117aa8235a7f1cecb056875496283efb97b5ea61
Static task: static1
Behavioral task: behavioral1
  Sample: Proforma invoice 04.08.2020.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Proforma invoice 04.08.2020.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.fratellidelpiano.com/
Port: 21
Username: [email protected]
Password: playboy123#
Extracted
Protocol: ftp
Host: ftp.fratellidelpiano.com
Port: 21
Username: [email protected]
Password: playboy123#
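The extracted configuration blocks above are the same FTP drop server written two ways (once with an ftp:// URL, once as a bare hostname), and the analysis records it more than once. The following script is an added example, not part of the sandbox report or of Agent Tesla: it parses the report's own flattened "Protocol/Host/Port/Username/Password" text (embedded verbatim below, with the scrubbed "[email protected]" username left as the page shows it), normalizes the host, and deduplicates so that a single host:port indicator comes out for blocklisting. The field layout it parses is the one on this page; any other report format is an assumption.

```python
"""Parse Agent Tesla FTP exfiltration config blocks as printed in a sandbox
report into deduplicated IOC records.  Added example; not the sandbox's or
the malware's own code.  RAW_CONFIG is the report text copied verbatim."""
import re
from urllib.parse import urlparse

# Verbatim copy of the three "Extracted" blocks from the report (constructed input).
RAW_CONFIG = """\
Protocol: ftp- Host:
ftp://ftp.fratellidelpiano.com/ - Port:
21 - Username:
[email protected] - Password:
playboy123#
Protocol: ftp- Host:
ftp://ftp.fratellidelpiano.com/ - Port:
21 - Username:
[email protected] - Password:
playboy123#
Protocol: ftp- Host:
ftp.fratellidelpiano.com - Port:
21 - Username:
[email protected] - Password:
playboy123#
"""

KEYS = ("Protocol", "Host", "Port", "Username", "Password")
_KEY_ALT = "|".join(KEYS)
# A field is "Key:" followed by a value that runs up to the next "Key:" (or end of
# text); the report separates fields with " - " and newlines, which we discard.
FIELD_RE = re.compile(
    r"(%s):\s*(.*?)\s*(?:-\s*)?(?=(?:%s):|\Z)" % (_KEY_ALT, _KEY_ALT), re.S
)


def parse_configs(text: str) -> list:
    """Split the flattened text into one dict per config block.

    A new block starts at every "Protocol:" field."""
    records, current = [], None
    for key, value in FIELD_RE.findall(text):
        if key == "Protocol":
            current = {}
            records.append(current)
        if current is None:
            raise ValueError("field %r appears before any Protocol: field" % key)
        current[key.lower()] = value.strip()
    return records


def normalize(record: dict) -> dict:
    """Reduce 'ftp://host/' and 'host' to the same lower-cased hostname."""
    host = record["host"]
    if "://" in host:
        host = urlparse(host).hostname or host
    host = host.rstrip("/").lower()
    return {
        "protocol": record["protocol"].lower(),
        "host": host,
        "port": int(record["port"]),
        "username": record["username"],
        "password": record["password"],
    }


def unique_iocs(text: str) -> list:
    """Parsed, normalized and deduplicated records in first-seen order."""
    seen, out = set(), []
    for rec in parse_configs(text):
        norm = normalize(rec)
        key = tuple(sorted(norm.items()))
        if key not in seen:
            seen.add(key)
            out.append(norm)
    return out


def egress_indicators(iocs: list) -> list:
    """host:port strings for an egress-filter or proxy blocklist."""
    return sorted({"%s:%d" % (i["host"], i["port"]) for i in iocs})


if __name__ == "__main__":
    iocs = unique_iocs(RAW_CONFIG)
    print("%d raw block(s), %d unique" % (len(parse_configs(RAW_CONFIG)), len(iocs)))
    for ind in egress_indicators(iocs):
        print("block outbound", ind)
```

Treat the credentials themselves as an indicator too: Agent Tesla pushes its stolen data with the embedded FTP account, so a hit on that username/password pair in FTP server logs, or on the host in egress traffic, identifies victims regardless of which sample variant they ran.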
Targets
Target: Proforma invoice 04.08.2020.exe
Size: 808KB
MD5: 3962e9b89b828c1937a0bd69113e671f
SHA1: 813bc238072f1f4a850520eedfa8abc7669f311c
SHA256: e86142f3f4772825135e389edefa8b13db71930958ea6611a6287bf644cc5414
SHA512: abaf349bdad6be0ca7eb038bd1daf004cf6436a10543fb2b08dd6e5d55b9dc86355cd80eb86b5ab846c2dc9e0bcea7f0221e78beffc3155d1ef63820c3100c71
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer (early builds were written in Visual Basic .NET); this sample's extracted configuration sends stolen data to the FTP server listed above.
AgentTesla Payload
Checks computer location settings: reads the country code configured in the registry (typically HKCU\Control Panel\International\Geo\Nation), most likely to geofence execution.
Accesses Microsoft Outlook profiles: consistent with Agent Tesla harvesting saved mail-client credentials for exfiltration.
Suspicious use of SetThreadContext: the call redirects a thread of another (usually suspended, newly created) process to code the caller has written into it, which is the process hollowing pattern; debuggers use the same API, so confirm it against the accompanying WriteProcessMemory and ResumeThread calls to the same target before treating it as injection.
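What makes SetThreadContext "suspicious" is its position in a sequence rather than the call itself: a child started with CREATE_SUSPENDED, memory written into it, its thread context rewritten, then the thread resumed. The following detector is an added example, not code from the sandbox or from Agent Tesla; it walks a constructed API trace (the pid/api/target/flags record format is an assumption made for this example, not a real sandbox log format) and reports only targets that went through all four stages in order, so a process that is created suspended and merely resumed, or a bare SetThreadContext with no preceding write, does not fire.

```python
"""Flag the CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory ->
SetThreadContext -> ResumeThread chain behind a "suspicious use of
SetThreadContext" verdict.  Added example; the trace below is constructed
and its record layout is an assumption of this example."""
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit (Win32 value)

# Stages that must appear, in this order, against the same (injector, target) pair.
STAGES = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")

# Constructed trace: pid 1234 hollows child 5678; pid 2222 starts a child normally;
# pid 4444 starts a child suspended but resumes it untouched (debugger-like, benign).
SAMPLE_TRACE = [
    {"pid": 1234, "api": "CreateProcessW", "target": 5678, "flags": CREATE_SUSPENDED},
    {"pid": 1234, "api": "NtUnmapViewOfSection", "target": 5678},
    {"pid": 1234, "api": "WriteProcessMemory", "target": 5678},
    {"pid": 1234, "api": "WriteProcessMemory", "target": 5678},  # headers, then sections
    {"pid": 1234, "api": "SetThreadContext", "target": 5678},    # entry point -> injected image
    {"pid": 1234, "api": "ResumeThread", "target": 5678},
    {"pid": 2222, "api": "CreateProcessW", "target": 3333, "flags": 0},
    {"pid": 2222, "api": "ResumeThread", "target": 3333},
    {"pid": 4444, "api": "CreateProcessW", "target": 5555, "flags": CREATE_SUSPENDED},
    {"pid": 4444, "api": "ResumeThread", "target": 5555},
]


def detect_hollowing(trace: list) -> list:
    """Return one hit per (injector, target) pair that completed all STAGES in order.

    Repeated calls of the current stage (several WriteProcessMemory) are allowed;
    an out-of-order call (e.g. ResumeThread before SetThreadContext) drops the
    pair, since the target is running before any context was rewritten."""
    progress = defaultdict(list)  # (injector_pid, target_pid) -> stages seen
    hits = []
    for ev in trace:
        api, key = ev["api"], (ev["pid"], ev["target"])
        if api.startswith("CreateProcess"):
            if ev.get("flags", 0) & CREATE_SUSPENDED:
                progress[key] = ["CreateProcess"]
            continue
        if key not in progress or api not in STAGES:
            continue  # untracked target, or an API outside the chain (NtUnmapViewOfSection etc.)
        seen = progress[key]
        if api == seen[-1]:
            continue  # same stage repeated
        if api == STAGES[len(seen)]:
            seen.append(api)
            if len(seen) == len(STAGES):
                hits.append({"injector": key[0], "target": key[1], "chain": list(seen)})
                del progress[key]
        else:
            del progress[key]  # out of order: not the hollowing pattern
    return hits


if __name__ == "__main__":
    for hit in detect_hollowing(SAMPLE_TRACE):
        print("process hollowing: pid %d -> pid %d via %s"
              % (hit["injector"], hit["target"], " -> ".join(hit["chain"])))
```

In a real investigation the same ordering check maps onto Sysmon event 1 (child created by the sample) followed by event 8/10 style cross-process access, or onto the sandbox's own API log; the point is to key on the write-then-SetThreadContext-then-resume sequence against one target, not on any single call.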