General
-
Target
a4f5e000d6182c29149e9c6d5bc2fee42543c3971db9f4c8dc353d6594455fa6
-
Size
474KB
-
Sample
220521-aaqbhahhe4
-
MD5
0d1dedb62312754d9ae601664c41b09d
-
SHA1
7ab06c4e8b15bc2c6d6fd9d8414a2b135ebc67dc
-
SHA256
a4f5e000d6182c29149e9c6d5bc2fee42543c3971db9f4c8dc353d6594455fa6
-
SHA512
a25958216d625dfbcfc0dff208c7f91acc2b8b4442b5514e7e8be0534fbf26f1e5bb39fcb03cfda387d92568457afc437635552af51be37deb400a4d79fe486d
Static task
static1
Behavioral task
behavioral1
Sample
Transfer slip.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Transfer slip.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: locowise12345
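The extracted configuration gives the exfiltration channel for this sample: SMTP submission to us2.smtp.mailhostbox.com on TCP 587. The following Python is an added example for this report (not part of the sandbox's tooling or the malware): it parses the config as it is printed in the report, including the flattened "Key: value - Key: value" form, and correlates the configured host and port against constructed, simplified Zeek-style dns.log and conn.log records to flag every internal host that reached the configured mail server. The log lines, the 192.0.2.0/24 answer address and the internal hosts are constructed for the example; the mailbox username is redacted on the page and is not used for matching.

```python
"""Correlate the AgentTesla SMTP exfiltration config extracted by the sandbox with
Zeek-style dns.log and conn.log records.

Added example for this report; not part of the sandbox's tooling.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# The config as it appears (flattened) in the report. The mailbox username is
# redacted on the page and is deliberately left out; matching uses host and port.
CONFIG_TEXT = "Protocol: smtp- Host: us2.smtp.mailhostbox.com - Port: 587"

# Constructed, simplified Zeek-style logs (tab-separated; only the fields used here).
# dns.log: ts, id.orig_h, query, answer. 192.0.2.0/24 is a documentation range.
DNS_LOG = "\n".join([
    "1653091200.1\t10.0.0.15\tus2.smtp.mailhostbox.com\t192.0.2.25",
    "1653091210.4\t10.0.0.22\tsmtp.corp.example\t10.1.1.5",
])
# conn.log: ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto, service.
CONN_LOG = "\n".join([
    "1653091201.3\t10.0.0.15\t49712\t192.0.2.25\t587\ttcp\tsmtp",   # infected host -> C2
    "1653091211.0\t10.0.0.22\t49713\t10.1.1.5\t587\ttcp\tsmtp",     # benign corp relay
    "1653091215.8\t10.0.0.15\t49714\t192.0.2.25\t443\ttcp\tssl",    # C2 IP, wrong port
    "1653091230.2\t10.0.0.31\t49715\t192.0.2.25\t587\ttcp\tsmtp",   # second victim, no own DNS
])


@dataclass(frozen=True)
class ExfilConfig:
    protocol: str
    host: str
    port: int


# 'Key: value' pairs separated either by newlines or by ' - ' / 'value- ' runs.
# The lazy value match stops at a '-' only when the next token is another 'Key:',
# so hostnames containing '-' survive intact.
_FIELD_RE = re.compile(r"(\w+):\s*(.*?)\s*(?:-\s*(?=\w+:)|$)", re.MULTILINE)


def parse_config(text: str) -> ExfilConfig:
    """Parse the sandbox's printed config (one line or several) into an ExfilConfig."""
    fields = {k.lower(): v for k, v in _FIELD_RE.findall(text.strip())}
    return ExfilConfig(fields["protocol"].lower(), fields["host"].lower(), int(fields["port"]))


def parse_tsv(log: str) -> list[list[str]]:
    """Split a Zeek-style TSV log into field lists, skipping blank and '#' header lines."""
    return [line.split("\t") for line in log.splitlines() if line and not line.startswith("#")]


def resolve_from_dns_log(dns_log: str, host: str) -> set[str]:
    """Collect every address the monitored network resolved `host` to."""
    return {answer for _ts, _src, query, answer in parse_tsv(dns_log)
            if query.lower().rstrip(".") == host}


def find_exfil_connections(cfg: ExfilConfig, dns_log: str, conn_log: str) -> list[dict]:
    """Return conn.log records whose destination is a resolved C2 address on cfg.port.

    Addresses are taken from any host's resolution, so a victim that used a cached
    or hard-coded address (no dns.log entry of its own) is still caught.
    """
    c2_addrs = resolve_from_dns_log(dns_log, cfg.host)
    hits = []
    for ts, src, _sport, dst, dport, proto, service in parse_tsv(conn_log):
        if dst in c2_addrs and int(dport) == cfg.port and proto == "tcp":
            hits.append({"ts": float(ts), "src": src, "dst": dst, "dport": int(dport),
                         "service": service, "c2_host": cfg.host})
    return hits


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    for hit in find_exfil_connections(cfg, DNS_LOG, CONN_LOG):
        print(f"{hit['src']} -> {hit['c2_host']} ({hit['dst']}:{hit['dport']}) at {hit['ts']}")
```

Matching on the resolved address rather than only on the victim's own DNS query is what surfaces the second host (10.0.0.31) above; the connection to the same address on 443 is left out because the config names port 587, and a looser rule that flags any contact with the address is a reasonable lower-confidence companion.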
Targets
-
Target
Transfer slip.exe
-
Size
621KB
-
MD5
e9047a742afd9baafd5ddc59aab49707
-
SHA1
1526c70019d3f9c5e13b411c4c7d5274d56354cc
-
SHA256
b5168cc25cfcd2e305a680adc90e657dbaa81433f49d1cf10ded3e83062697ee
-
SHA512
78fb957dbdb947557720f63fa01afcc18e17c26f1676646ab73a6c2fb1aec7f16c624d78b3c87b4d2b19c2b1d078fc64ecda40637180153847b643310f6e51e6
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, commonly written in Visual Basic .NET, that harvests saved credentials and keystrokes and exfiltrates them, typically over SMTP, FTP or HTTP.
-
AgentTesla Payload
-
Checks computer location settings
Reads the country code configured in the registry, likely used as a geofence to avoid running in certain locales.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext (commonly used to redirect a suspended process's thread to injected code, as in process hollowing)
-