General
Target: cb7387d84e6db1c5de08121186ad00fdbebf1049f73b7d68291b7a35e292d7b3
Size: 507KB
Sample: 220520-3s9gbacdbp
MD5: 3d9ef5d2a79ebe28ae3dc338cebcdc38
SHA1: 6c75715a634baf5eecc2ac231c5727d7c90e06b6
SHA256: cb7387d84e6db1c5de08121186ad00fdbebf1049f73b7d68291b7a35e292d7b3
SHA512: d314d396dc3b155c4d57c52fe2fe02369a5119568e9274f91c354a874477a8b72bf6f9c8278c6e6b943b82932df4c55a90b1c29eeee2425155bbc48b4d28aa3a
Static task: static1
Behavioral task: behavioral1
  Sample: ACCOUNT STATEMENT.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: ACCOUNT STATEMENT.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.rezuit.pro
Port: 587
Username: [email protected]
Password: chukwuma22
Targets
Target: ACCOUNT STATEMENT.exe
Size: 712KB
MD5: 802e11ba8b155d600196ffc9cfbf7d58
SHA1: 6329c89789454d4c1f51f227955149119c977845
SHA256: f9d32207409b6be5fa86e42a53744d33e46aa270b9d00983c75a94399c4f1e17
SHA512: 3d286d38c858288afd8b4a57497732126000a7779c339bbd748c666a66292a035d1021b75c14ab73dd03ab8ffe920353542ccc9cf952dab21236d41f270ddf69
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext