General
Target: bbe4d7f761f6307dcbaf517ca5983221e1d8a53aa56c6b2f05c33f8f13513614
Size: 503KB
Sample: 220520-3xc9nshfe6
MD5: 7a49fa3fc99202c7f376bb7f2d56a601
SHA1: 4f9b99bf1debffab76ca883872afba5693b1a9e1
SHA256: bbe4d7f761f6307dcbaf517ca5983221e1d8a53aa56c6b2f05c33f8f13513614
SHA512: 6cbf4e23db056be2f6170fbf6d943dea8d4f35510b4d82fc6e155851db7d88bdb62851033ffca14057c950c95ecd48256067158047d42f56cac87d06eda48815
Static task: static1
Behavioral task: behavioral1
Sample: Information and requested documents.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Information and requested documents.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.hraspirations.com/
Port: 21
Username: [email protected]
Password: computer@147
Targets
Target: Information and requested documents.exe
Size: 758KB
MD5: c32cd33fadb4de3563ca97d7bf9df4ae
SHA1: b8ea747a906942e1089bafa3c253d8ca53b6acbc
SHA256: 31c08b891a2cdd18895f42d331783f628cf27dca9ee41691e206fb0e6a57471e
SHA512: 7b7a5342109ba84e1489271ce036d6e5b7eed0b498282e45f9944d2a451de9d988da8183c102e609ee60765af7dc600577fbda9ab7ae88732c8e8a0c8d433abd
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext