General
Target: b814060c8975a9b3c28ac4f26232a53569bfb40f977d9c66ce93d8965c2fdcbf
Size: 388KB
Sample: 220520-3x82cacegn
MD5: 09d555bcf85799fd62c587f345954189
SHA1: fc5cf214f9dabcd6d65bebfdfbbb67f41c29c3b1
SHA256: b814060c8975a9b3c28ac4f26232a53569bfb40f977d9c66ce93d8965c2fdcbf
SHA512: 03311565f25c70c70e6da19f9c49430fb99071f87969e2a904bd52b485eee7d0381bec723f6a128467cb0ac0fa18a6060409921cb3c0e85243239d432270d31b
Static task: static1
Behavioral task: behavioral1
Sample: Quotation Reques.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Quotation Reques.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.el-sever.com
Port: 587
Username: [email protected]
Password: admin123
Targets
Target: Quotation Reques.exe
Size: 636KB
MD5: c2dbd23d7d1429c00ac1054a2befb929
SHA1: 20c144e6919f64dad5cff37b29da1030d5044300
SHA256: ca00e2766617e6a0d743880ad74f65b035e04192914a938a6610f6fd813c6c0c
SHA512: 207753698017d2761d4b1e782d8b27fda43c71fe077989f9343c773a1ddbd49bd92a2dc57fc30d30c89e017db0b3be3de614b656137069198034aba43ee0949c
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Drops file in Drivers directory
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext