General

Target: c07980ab00eadc3038ceb9eb725a77ee6501e670fb3cb96ab58a8007981f8f21
Size: 404KB
Sample: 220520-3wa3xshfb2
MD5: 0ea75d0040f4245f61cbf508187e33e7
SHA1: 22e3fd6015be9159acf87b9f89a0afcfec03b4df
SHA256: c07980ab00eadc3038ceb9eb725a77ee6501e670fb3cb96ab58a8007981f8f21
SHA512: 4729da3d138a03e8bda584123ccad6be285321b88973c55316e29db5bd1d8dae7cfe1843cebb259cae05dce9592f460021284ae2c03ad45b1fccb17e4ffaf358
Static task: static1

Behavioral task: behavioral1
Sample: PO102002.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: PO102002.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.durainteriordesign.com
Port: 587
Username: [email protected]
Password: successman12
Targets

Target: PO102002.exe
Size: 456KB
MD5: 13e21e63f32a1f5997b4e3c6f34a046d
SHA1: 0398f303c169d10015f30e746e27b836d00df9e1
SHA256: b7a5fa475f3dffc48dd10e17c0aba7013ba58752baf49fb83e634ca0d16a61ce
SHA512: a246e3d24dc300a800109db2c3f4656e98fa7e2dccdba61efa4c3c52f1e76277c4cbc33e131b28b71bd3b141c7d2c14fa80bbbebf1f54df8da6e2d86c82de9fd
Signatures

- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofencing check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext