General
Target: 8ffedf5e468337d6420f1f3f701222dd2578474ebb2efbd545430560558b12d3
Size: 533KB
Sample: 220521-afbqasabd9
MD5: 0e3bba87f2463f2ce5365e92d54842a1
SHA1: ec9807db0d14694d8b3ecc31be51d4f94670b8ff
SHA256: 8ffedf5e468337d6420f1f3f701222dd2578474ebb2efbd545430560558b12d3
SHA512: b6b58a46058f5f4b1b6d5a82155a743ffef1360afcca9e09481ba2ce4eba3174a9f1fca3f330a43dfb7645fcd196fdc302e1a444d8fa1b3204d405e650cd7a59
Static task: static1
Behavioral task: behavioral1
  Sample: ORDER NO. DC08021.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: ORDER NO. DC08021.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.kohinoorribbon.com
  Port: 587
  Username: [email protected]
  Password: ashu@1976
Targets
Target: ORDER NO. DC08021.exe
Size: 693KB
MD5: d45c4fed12f1ff0cc6332b1141d0b435
SHA1: 3ef534d2d63cc3e13c99fedebe980f52ff05ee38
SHA256: 7d45448bfe8b015e4c529ea7c1898c7a311d8ce42eb208957113735c5b750335
SHA512: 00059cbbb1f88bde4c3860c40a822e35e93128e91cb889ffeb03745dae7b7a1a8bd472b086f1abfc2567392137080fa15c65ee031c1ada6a3c0e112a6b3f326c
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext