General
Target: c07d1208c79fb4036ffd59bb2161a884961a1dba841d46f473b975b7acbff927
Size: 1.3MB
Sample: 220520-3v89bshfa8
MD5: 630bb5ef20bfcfcc82373f6b2081ca40
SHA1: c073c66ad9fc7b4a6238eb96b5b6318ec7e27505
SHA256: c07d1208c79fb4036ffd59bb2161a884961a1dba841d46f473b975b7acbff927
SHA512: b4f97e50bf1d21dd64f4634002785eb33016b4dcd3335ab5ef4623eaa5168f107d9ab62d609ee83486eb243ecc4c7ccebaf747cea4caf0ac41b67a7ea0df36b6
Static task: static1
Behavioral task: behavioral1
Sample: REF_2020.scr
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: REF_2020.scr
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.northwestpowdercoating.co.uk
Port: 587
Username: [email protected]
Password: C^0z.^LxykTW
Targets
Target: REF_2020.SCR
Size: 763KB
MD5: a8318b3f73df38c45c9f632bfb049c20
SHA1: affd429bb2bbccc3196df74a1bda8ce941ab8be5
SHA256: 5485fa1c86bc00ec0b4a0e4a78f0ad63e0551fc53f66042dec39f9ab9975d503
SHA512: f404ec635ec6871af68868ff85093f710fb8278fd2acbe6fad9351f8f994cdb7025510f9c10227ea45817e1aa3fdebc3d768c67281911455b3bf03bcb7d1cc39
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext