General
- Target: d2cbf4f9dd761354ed39ff023692e44cc9a25df8862bff88aebcd32b877d9f86
- Size: 536KB
- Sample: 220520-3rn4zsccdp
- MD5: 6b0f520b0f78b343f4c66cec385ce5da
- SHA1: 7d9ee63f62b68ebd31720057690045ab2526499c
- SHA256: d2cbf4f9dd761354ed39ff023692e44cc9a25df8862bff88aebcd32b877d9f86
- SHA512: abf90d42e69ee723bb476470503582011cf2f34b160c37591a87288090cb60a2249d1fb4789187739a183f4cd97a2a33b552bd15b8f1fa5176d20efd8786eca2
Static task: static1

Behavioral task: behavioral1
- Sample: 3D DRAWING AND PRODUCT SPECIFICATIONS P.ORDER #08297.bat.exe
- Resource: win7-20220414-en

Behavioral task: behavioral2
- Sample: 3D DRAWING AND PRODUCT SPECIFICATIONS P.ORDER #08297.bat.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: Chinedu2@
Targets
- Target: 3D DRAWING AND PRODUCT SPECIFICATIONS P.ORDER #08297.bat.exe
- Size: 699KB
- MD5: e251315450494f16faa55741b1e0a62e
- SHA1: 380e96cb56a04e5137975400dcea2e3b7867dc29
- SHA256: c7ef577b1f4ed52125ba91adb3ae69578179afc6826b08acb7aa10641d8c2e96
- SHA512: 4a5a90fbcec1fa3fd987f7becaa95e7f7a887a25dbd2765abc360b2376c875bd1eb809da830e4c49b533cdd9c60e0f7616f855bd371b6e216649c8030d1f2e70

Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext