General
Target: daa89ae6dfe1a6281bf795cf58513b11314b2f5b28267faa87b65f20daeae8a6
Size: 493KB
Sample: 220520-3pyweacbhj
MD5: 8a92e008195fe533eabf3c3907d109c9
SHA1: fa4d29b34073439b2131697417c498d4b809a92f
SHA256: daa89ae6dfe1a6281bf795cf58513b11314b2f5b28267faa87b65f20daeae8a6
SHA512: f3faf89bf1bf82478313bf9b3de64964a69064b4b770bf66e51a1e5eb915115d046d207058282aa4379caa0dd6b7e563442d637498dd23da257b59193587f781
Static task: static1
Behavioral task: behavioral1
  Sample: Purchasing Lists.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Purchasing Lists.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.retramtrading.com
Port: 587
Username: [email protected]
Password: @2018sales321
Targets
Target: Purchasing Lists.exe
Size: 618KB
MD5: 62086c79b69643b8c8cc3c3fd6ef0880
SHA1: def3fe8db02ca7da7d9ffcacdd074934453de3fd
SHA256: abe7a852074e704601e7fff625aa43e93ba71c6f0811aef9262b78e725df1278
SHA512: 8231a7ecf9390a086272b0d1f0e7702b29ba14e972864dc1576cf028ce3a5f88947f0f0752b4396bef88aa73aa3a84af3c821709957a109cd69e0cd6f81580bc
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext