General
Target: 93cd5653cfd950a8e3c584692af1982b435e0014397a8f78b38dabb30fa4b9a4
Size: 608KB
Sample: 220521-aeqstsabc2
MD5: fad51bf7c5555027e205be4a381f906a
SHA1: 5cbad5325c2ac87d30288736be4b86f027796f38
SHA256: 93cd5653cfd950a8e3c584692af1982b435e0014397a8f78b38dabb30fa4b9a4
SHA512: 70596e88a7a4241ab3b3bbb37b4d65ed0efa1866054ef9547948c7a2abdc2a25802343fc66301df36ed9abe52ed8d1e39d90978438509c728dc47338ae250aa7
Static task: static1
Behavioral task: behavioral1
Sample: 1015676-ADMIN_200802010045_jobrpt_ZNA-CUSSTA_ADMIN_23454!.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 1015676-ADMIN_200802010045_jobrpt_ZNA-CUSSTA_ADMIN_23454!.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.mexicanproduct.com.mx
Port: 587
Username: [email protected]
Password: Produccion2020.
Targets
Target: 1015676-ADMIN_200802010045_jobrpt_ZNA-CUSSTA_ADMIN_23454!.exe
Size: 818KB
MD5: d4ed287051e1a59d8b524a8f6c0c34bf
SHA1: e73f31b7290b8f8bd7197e42548285f86be252dd
SHA256: 6cfb8c7d072efbdeeb16075cc368dfee38cc4924595bb63027a97ea557d3b866
SHA512: 27f10342600c66c839de73c4435e27b771487a88c6c11f9279a9447fa82f24415af3730af111e248d7f06152d1e051e8e1a334e1d51a63d91d46364bf3fdbf47
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext