General

Target: 8ba1f310fe9c3ae5d4e1412cc70031b4ef55eea7c4f515eca2b0d3c395028d32
Size: 420KB
Sample: 220521-af7sqsdafq
MD5: d56f90f0a6a1ceddc27b32e4cb6878fe
SHA1: 8fd2b0373d3f3829ad26838f6e57b885c218edf9
SHA256: 8ba1f310fe9c3ae5d4e1412cc70031b4ef55eea7c4f515eca2b0d3c395028d32
SHA512: bc0a6d2a61614d087179c26aba267b235ca61e5faf84b736e619896aa07b3cce564cd52179b67ae3f65410a22130fd72df8442609ce60f2446f1a7049facca79
Static task: static1
Behavioral task: behavioral1 (sample anoop-image.exe, resource win7-20220414-en)
Behavioral task: behavioral2 (sample anoop-image.exe, resource win10v2004-20220414-en)
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.bnb-spa.com
Port: 587
Username: [email protected]
Password: }iPxp@l#21aE

These are the credentials the sample uses to send stolen data to an attacker-controlled mailbox over SMTP submission (port 587). Block and alert on the host, and treat the account as an indicator rather than as a victim credential.
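Turning the extracted block above into something a SOC can act on means parsing it back into fields (the page's extraction wraps the fields mid-line) and then matching the host/port pair against endpoint telemetry. The script below is an added example, not part of the sandbox's tooling; the config text is copied from this page (the username is kept exactly as the page prints it), while the log lines and their key=value format are constructed for the demonstration. Connection records must match both host and port, so ordinary SMTP submission traffic on 587 from a real mail client is not flagged.

```python
"""Parse the AgentTesla SMTP exfil config shown on this report page into
structured IOCs and run them over constructed endpoint log lines."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed copy of the page's "Malware Config / Extracted" block, keeping
# the line wrapping the report page shows. Username is as printed on the page.
CONFIG_BLOCK = """agenttesla
Protocol: smtp- Host:
smtp.bnb-spa.com - Port:
587 - Username:
[email protected] - Password:
}iPxp@l#21aE"""

KEYS = ("Protocol", "Host", "Port", "Username", "Password")
KEY_RE = re.compile(r"\b(" + "|".join(KEYS) + r"):")


@dataclass(frozen=True)
class SmtpExfilConfig:
    family: str
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config_block(block: str) -> SmtpExfilConfig:
    """Rejoin the wrapped lines, then slice each value out between known keys.

    Slicing between key positions (instead of splitting on ' - ') keeps values
    that themselves contain '-' or ':' intact, which matters for the password.
    """
    lines = [ln.strip() for ln in block.strip().splitlines() if ln.strip()]
    family, flat = lines[0], " ".join(lines[1:])
    matches = list(KEY_RE.finditer(flat))
    if [m.group(1) for m in matches] != list(KEYS):
        raise ValueError("unexpected field layout: %r" % flat)
    fields: Dict[str, str] = {}
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(flat)
        value = flat[m.end():end].strip()
        if i + 1 < len(matches):
            # Drop the ' - ' separator before the next key; the page prints
            # it without a space for the first pair ('smtp- Host:').
            value = value.rstrip("-").rstrip()
        fields[m.group(1)] = value
    return SmtpExfilConfig(
        family=family,
        protocol=fields["Protocol"].lower(),
        host=fields["Host"].lower(),
        port=int(fields["Port"]),
        username=fields["Username"],
        password=fields["Password"],
    )


# Constructed endpoint telemetry (hypothetical key=value format, not sandbox
# output). The OUTLOOK.EXE line is benign SMTP submission and must not alert.
LOG_LINES = [
    "2022-05-21T09:58:10Z type=dns host=WS07 proc=anoop-image.exe query=smtp.bnb-spa.com",
    "2022-05-21T09:58:11Z type=conn host=WS07 proc=anoop-image.exe dst=smtp.bnb-spa.com dport=587 proto=tcp",
    "2022-05-21T10:02:44Z type=conn host=WS07 proc=OUTLOOK.EXE dst=smtp.office365.com dport=587 proto=tcp",
    "2022-05-21T10:05:01Z type=dns host=WS12 proc=chrome.exe query=www.example.com",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_log_line(line: str) -> Dict[str, str]:
    """Split 'timestamp key=value ...' into a dict (timestamp under 'ts')."""
    ts, rest = line.split(" ", 1)
    rec = dict(KV_RE.findall(rest))
    rec["ts"] = ts
    return rec


def find_exfil_events(lines: List[str], cfg: SmtpExfilConfig) -> List[Dict[str, str]]:
    """Return records touching the exfil host: any DNS lookup of it, or a
    connection matching both host and port."""
    hits = []
    for line in lines:
        rec = parse_log_line(line)
        if rec.get("type") == "dns" and rec.get("query", "").lower() == cfg.host:
            hits.append(rec)
        elif (rec.get("type") == "conn"
              and rec.get("dst", "").lower() == cfg.host
              and rec.get("dport") == str(cfg.port)):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    cfg = parse_config_block(CONFIG_BLOCK)
    print("exfil endpoint: %s://%s:%d" % (cfg.protocol, cfg.host, cfg.port))
    for hit in find_exfil_events(LOG_LINES, cfg):
        print("ALERT", hit["ts"], hit["host"], hit["proc"], hit["type"])
```

Matching the DNS query on its own is deliberate: the lookup happens before the TLS session on 587 and survives even if the connection itself is blocked or logged elsewhere.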
Targets

Target: anoop-image.exe
Size: 598KB
MD5: 907335631a07cdae792c84ff08f3273f
SHA1: c90037ff8ad31fe971f5d6574d0b0ae5259e0b47
SHA256: 280b04a1401485ae0e877e20aa801c9e6e8288e82f107dfcd0f97e168f8e63ec
SHA512: 7ee4b47e90237a8087475e58d25768b8b32904a7622deec09abc2a6ac95fbd48925a8bf81a2f6fac44f863eac99d7510e6df595098bd7e98902d8db8822daa91
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (Visual Basic); this sample's extracted configuration exfiltrates over SMTP.

AgentTesla Payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Accesses Microsoft Outlook profiles
Reads Outlook account settings from the registry, where saved mail credentials live.

Adds Run key to start application
Persists via a Run registry value so the payload starts at logon.

Suspicious use of SetThreadContext
Typically used for process hollowing: a suspended process has its image replaced and its main thread's context redirected before it is resumed.