General

Target: d47679272e0703a72acb1256f5ec4fe1a937867a934757cd18d739d41c04e3dc
Size: 409KB
Sample: 220520-3q686scccr
MD5: b4c3aeeee490b8f38416b177c642f321
SHA1: 87a4798275635badc544539227948c1fe4a375b9
SHA256: d47679272e0703a72acb1256f5ec4fe1a937867a934757cd18d739d41c04e3dc
SHA512: af8fee00d296bdd39a71b4949acc1a78f75a8108162ef64f7d9011f01ef8d947e39eb4d03dcbe4450b3e6246652a45fad54ae4868c9a9f5a4639004bba807e22
Static task: static1

Behavioral task: behavioral1
Sample: Herewith all the scanned copies as required.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Herewith all the scanned copies as required.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.hraspirations.com/
Port: 21
Username: [email protected]
Password: computer@147
Targets

Target: Herewith all the scanned copies as required.exe
Size: 487KB
MD5: 7ae34697625f5ce346cd7981faae04ee
SHA1: a91f9ef9f38be360fde0afd5d7993b863d3eeafc
SHA256: 70e42d439e0edb6d2a475dc3e51380469ed3c2e2d3e1a063705e60d0db2cdd54
SHA512: 413b92815d9aaa074b9247eb4a5f77982d5c15a500f73c579161210f40fc70fea911107d773c93c79df7d1274c192a73ee062df71c3837c653e5e773a065ff80
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext