General
-
Target
a5fc13df1012b247693e929efee6d5fd62154f0146ce945ad212921705a12d88
-
Size
489KB
-
Sample
220521-aaf3tscgbm
-
MD5
c00ca1fea6da7b09977799bc58d630f0
-
SHA1
e6fa092aa783ddadbcd9a1cc758708f5b93bae46
-
SHA256
a5fc13df1012b247693e929efee6d5fd62154f0146ce945ad212921705a12d88
-
SHA512
30ed7ccc55e87a4604acda6a8b0448b31e4a4ce102b49d93e2a6930a8a1d88cfea8c06f39fa6543f19af42ddf30ceff13245abca99f1e5417351ced2ccbe1173
Static task
static1
Behavioral task
behavioral1
Sample
INV 19003568.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
INV 19003568.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.procetfreight.co.ke - Port:
587 - Username:
[email protected] - Password:
5VCo+%[lWoqY
Extracted
Protocol: smtp- Host:
mail.procetfreight.co.ke - Port:
587 - Username:
[email protected] - Password:
5VCo+%[lWoqY
Targets
-
-
Target
INV 19003568.exe
-
Size
559KB
-
MD5
a887535cacc5f53e18904e84b5936037
-
SHA1
6f0eece773ad3c0b980b08e9039b085fbf7bce73
-
SHA256
bcfe28b074cc1d9b0fb7896ee3eb4d28c240bee33cb76578f0f9f1ef90ab92e6
-
SHA512
6adaeb09c3108db8a4688219fbc2ca1f1eddbb990c50c718c8654d99076496e363857ae1fdaa99ab248385197ada10c577c8d5c91cf6f92d1248af00437e517a
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-