General
- Target: STATEMENT.exe
- Size: 385KB
- Sample: 220521-1k3mpadef8
- MD5: e618b5c39aa7f9c49fadcb2a209f500f
- SHA1: ba4da0f4707d985fd7c770069cdbbba7b122be82
- SHA256: ca8bc275897c5406275748a661d6300fba21859c76a12e77f119fe366dfdddc5
- SHA512: 005c5aa300a9aac60482a5355f993830e2117ee80927d3fdea8bfd7f95bca2fc3d6d34291f0df02e99dfb3565df39f87cedfc21c8c21f2d8c70c06ffad08bec2
Static task: static1
Behavioral task: behavioral1
  Sample: STATEMENT.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: STATEMENT.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.tejarathotel.af
  Port: 587
  Username: info@tejarathotel.af
  Password: Kabirzad@4022#
  Email To: ranjqnupreti3@gmail.com
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Drops file in Drivers directory
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext