General
- Target: b9e657ad61aac62271e5bab6f366cccf52dedcfe5045a77883b0b05cea27d84b
- Size: 405KB
- Sample: 220520-3xm4wahff8
- MD5: 98cdf7e12040ae8cf4f05b7d8b445f54
- SHA1: 9dc5e4f141a0da233bc8f39ad9c978f4775e6a39
- SHA256: b9e657ad61aac62271e5bab6f366cccf52dedcfe5045a77883b0b05cea27d84b
- SHA512: 5207e9ea0e6e7c2f5a8da5fe63897b6a706f6c3656b1dd65651bee2a0737f4df8ad1e8615abf75b6edf9ff72979980c5b6aa3b02c3b815f4ce08adaee7defba6
Static task: static1
Behavioral task: behavioral1
- Sample: Image.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Image.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: alibaba.comalibaba.com123
Targets
- Target: Image.exe
- Size: 462KB
- MD5: 3f298f73944083913be6602ad5b99ab8
- SHA1: be24ce20a8ebc266dfdc4bb04aa6a49654806275
- SHA256: 4692f4e0ec2163456ca3eb3a20625b55a31601e00b35f2ac96ecadc927ae3969
- SHA512: 71bf5a990cf3aa6a56a2838f71be9712401944d38a39d6d7708269d68f74ee6e5e22f16d6d9fca7eb9228cf6f39d96bcf1d9b1d784c99093c427a8ca9335d71a
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext