General
Target: dd7388ec13a680a21e9c724555434c85e212b7a89096782dc43b915f675d39d2
Size: 536KB
Sample: 220520-3pesjacbeq
MD5: d2dc932b737251a5242ddccceb1a3fe2
SHA1: f4157f1d278a2cfed597d4b67b25bb84eba32491
SHA256: dd7388ec13a680a21e9c724555434c85e212b7a89096782dc43b915f675d39d2
SHA512: 20cf19fa5bf5437abcac0092a09b90c165ece768b03e476302e38ef69a4ecaf0892684806c845517aed62098ef0bf675305dae913ce29599724902ecf1ce0671
Static task: static1
Behavioral task: behavioral1
Sample: Trung Viet - new order documents_#0020.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Trung Viet - new order documents_#0020.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.daiphatfood.com.vn
Port: 587
Username: [email protected]
Password: jn&6kG~_w;;A
Targets
Target: Trung Viet - new order documents_#0020.exe
Size: 731KB
MD5: 061f529a79ebc01dd049acbdb1bb8528
SHA1: 2b0937e1dbbdc56b8e13f45f0b5cade3ca022f85
SHA256: cb037c1db10c1211bf9ae9b2bedffefffc20a3ba95295efd69f2f270c8afed30
SHA512: b0ef9f645e250603c649d5243763432dd831157bdced392b112e957142bef942320bd612ac7f7b583d478bd9ec6c186dc9e546b024ede3a64d7d9442de813231
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext