General
Target: be5584b9bab874b4d6ca2b0f415ee65da6a502654d461b62bf3cef3d462f0376
Size: 1.2MB
Sample: 220520-3wvsbscebr
MD5: 8bbe06a8f2f985b41fd05db2d2da1df2
SHA1: 0d771b1c5730f6b66b2dfbde9f4b4bcf8b3c13f5
SHA256: be5584b9bab874b4d6ca2b0f415ee65da6a502654d461b62bf3cef3d462f0376
SHA512: 555c3c98cfcbf6cf7ada4d6f4209b0b01ffefdd0aceb34147d3a4ce8ebbc8381410ff30d753a4ef06c1a9b028e9fc76922c03a57b3f10b1bb93e599ed237af27
Static task: static1
Behavioral task: behavioral1
  Sample: PAYMENT_.scr
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: PAYMENT_.scr
  Resource: win10v2004-20220414-en
Malware Config
Extracted (agenttesla)
  Protocol: smtp
  Host: mail.northwestpowdercoating.co.uk
  Port: 587
  Username: [email protected]
  Password: C^0z.^LxykTW
Targets
Target: PAYMENT_.SCR
Size: 500KB
MD5: e1334e1071e9b895ca8924b6d2be2cb9
SHA1: bad0b2e10dada8f3bdc10be85dbfdf653a15cb41
SHA256: c62d74e427c8f171115756dc18267a987b29b7d289e34daca91027bc87a5c6c9
SHA512: 9a4a7d06bd518259014dbdcacddbaa702907202039c58be66fe37b8f3b094354d5ae25f7ee32eab17653ec9308a90d0c01a9ccf945b747874c6ade8a41634632
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext