General
Target: 8bd0557f45b1d8f632e6055f537d52a866d4524401508c14b07ab6b1dd9af631
Size: 394KB
Sample: 220521-af59xadafm
MD5: 3fbbab1a550ab6244116a8de3a6f2e14
SHA1: f6d9660cf67bd0f85d3f30277c56e70df15810c1
SHA256: 8bd0557f45b1d8f632e6055f537d52a866d4524401508c14b07ab6b1dd9af631
SHA512: 67334aa5cf65409ec41b012eb0f84a17c92954a932c97d22cf054c0aad50ccd5148783941298216b863793fe8c3514c3a525d50a48a7aa76c24d2063760d77db
Static task: static1
Behavioral task: behavioral1
  Sample: Doc_767467JUNE2020.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Doc_767467JUNE2020.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: 71c7eb1f8baa88
Targets
Target: Doc_767467JUNE2020.exe
Size: 450KB
MD5: 8ac061125c6771c56f990211fbcaf819
SHA1: 993eb057ce8d1f21048d76a6083818b60208d465
SHA256: 0189ad2e08f8bb4c487e31502a7e86ccf2bfaba40fda638f316cb5c9ca80d767
SHA512: f57201eee7b2c9a093f956b2b84d6c91beb6909dbff76967657b856d16b54e735f10bb9516a50e5b4c51c1d6ba4fb52bb4f66ee1d9a8f73be1fda69112e2aa63
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext