General
Target: 8b725056d381d4fcdf425ba985e32e6ee054c7e9fdd7b649d96bc30117f5d8dd
Size: 631KB
Sample: 220521-af9mbsdagj
MD5: 4d31a4f27175b1b7286c12fdc1c856b2
SHA1: d6ba2745479a33753b9e246ab914e03519dfeff8
SHA256: 8b725056d381d4fcdf425ba985e32e6ee054c7e9fdd7b649d96bc30117f5d8dd
SHA512: 0b434758ad89c7e4ad4ce6f89e348a3b6857c9e89f9e2233c3f5405063865f36c11aa731a66e1125130997fd3e39ca6d2a4eaa69cb152004ad30bcbba777d42e
Static task: static1
Behavioral task: behavioral1
  Sample: KRA202015840883.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: KRA202015840883.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted (family: agenttesla; the same configuration was recovered twice)
Protocol: smtp
Host: mail.pkfpmes.co.ke
Port: 587
Username: [email protected]
Password: }79ngu!.Bzo7
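Added example, not part of the sandbox report: a Python helper that parses the flattened config block above back into fields (the report renders it as "Key: value- Key: value" across line breaks), turns it into a shareable IOC set without the password, and checks constructed egress-firewall lines for connections to the extracted mailbox host and port. The log line format, the corporate relay allowlist and the log lines themselves are assumptions for illustration; the obfuscated `[email protected]` username is kept exactly as the page shows it.

```python
import re

# Constructed copy of the configuration extracted above, in the flattened
# "Key: value- Key: value" form the report renders it in (the [email protected]
# username is left exactly as the page shows it).
RAW_CONFIG = """Protocol: smtp- Host:
mail.pkfpmes.co.ke - Port:
587 - Username:
[email protected] - Password:
}79ngu!.Bzo7"""

FIELDS = ("Protocol", "Host", "Port", "Username", "Password")


def parse_config(raw: str) -> dict:
    """Recover the fields from the flattened report text.

    Each value is the text between one "Key:" label and the next, with the
    labels searched in order, so the password (the last field) is never split
    on '-' or ':' characters it may legitimately contain.
    """
    text = " ".join(line.strip() for line in raw.splitlines())
    spans = []
    pos = 0
    for key in FIELDS:
        start = text.find(key + ":", pos)
        if start < 0:
            raise ValueError(f"field {key} not found")
        spans.append((key, start, start + len(key) + 1))
        pos = start + len(key) + 1
    cfg = {}
    for i, (key, _, end) in enumerate(spans):
        last = i + 1 == len(spans)
        stop = len(text) if last else spans[i + 1][1]
        value = text[end:stop].strip()
        if not last:  # drop the " -" / "-" joiner the report puts before the next label
            value = value.removesuffix("-").rstrip()
        cfg[key] = value
    cfg["Port"] = int(cfg["Port"])
    return cfg


def iocs(cfg: dict) -> set[str]:
    """Indicators worth blocking or alerting on. The password is deliberately
    excluded so the set can be shared without handing out the operator's mailbox."""
    return {cfg["Host"], f"{cfg['Host']}:{cfg['Port']}", cfg["Username"]}


# Constructed egress-firewall lines for illustration only (not from the sandbox run).
SAMPLE_EGRESS_LOG = """\
2022-05-21T00:41:02Z 10.10.4.21:49811 -> mail.pkfpmes.co.ke:587 tcp smtp
2022-05-21T00:41:09Z 10.10.4.21:49812 -> outlook.office365.com:443 tcp tls
2022-05-21T00:42:30Z 10.10.4.37:51020 -> smtp.corp.example:587 tcp smtp
2022-05-21T00:43:11Z 10.10.4.21:49830 -> 203.0.113.9:587 tcp smtp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\S+):(?P<dport>\d+)\s+(?P<proto>\S+)\s+(?P<service>\S+)$"
)

# Assumed allowlist of mail relays that endpoints are permitted to talk to.
CORP_MAIL_RELAYS = {"smtp.corp.example"}
SMTP_PORTS = {25, 465, 587}


def hunt(cfg: dict, log: str) -> list[dict]:
    """Flag exact hits on the extracted mailbox host:port as high, and any other
    SMTP from an endpoint that bypasses the corporate relays as medium, because
    operators rotate the exfil mailbox far more often than the technique."""
    findings = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        dst, dport = m["dst"].lower(), int(m["dport"])
        hit = {"ts": m["ts"], "src": m["src"], "dst": f"{dst}:{dport}"}
        if dst == cfg["Host"].lower() and dport == cfg["Port"]:
            findings.append({**hit, "severity": "high",
                             "reason": "matches extracted AgentTesla SMTP config"})
        elif m["service"] == "smtp" and dport in SMTP_PORTS and dst not in CORP_MAIL_RELAYS:
            findings.append({**hit, "severity": "medium",
                             "reason": "endpoint sending SMTP outside corporate relays"})
    return findings


if __name__ == "__main__":
    config = parse_config(RAW_CONFIG)
    print(sorted(iocs(config)))
    for finding in hunt(config, SAMPLE_EGRESS_LOG):
        print(finding)
```

The medium-severity branch is the one that keeps paying off: once the mailbox in this report is burned, a new sample with a fresh account still has to push mail straight from a workstation to an external submission port, which most environments have no legitimate reason to allow.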
Targets
Target: KRA202015840883.exe
Size: 867KB
MD5: eb815f5ca33030272ffddd2b5a2b5b08
SHA1: a7dcfee41c305f72eb1a48ff1b0aebacae346d55
SHA256: 16853eb4cd97f93ef51bcad6492d6874c54e86f98009b977254decac05070fd2
SHA512: e79a257ab0e477a87f1f50d513bdef06aa02775a6ed46a37917c952ac59ca957db9e75709cc4838200b186e8a8094f346870b4b1546768a44dd119eeec5fd2f6
Note that the submitted file under General (631KB, SHA256 8b72...) is not the same object as the analysed executable listed here (867KB, SHA256 1685...); use the hashes in this section when pivoting on the payload itself.
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic .NET.
suricata: ET MALWARE AgentTesla Exfil Via SMTP (alerted twice)
AgentTesla Payload
Drops file in Drivers directory
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check.
Accesses Microsoft Outlook profiles
Consistent with the credential-stealing component, which harvests stored mail client credentials.
Suspicious use of SetThreadContext
Calling SetThreadContext on another process's thread is the classic process-hollowing step; check any child process it spawned for an in-memory image that does not match its on-disk file.