General
- Target: 8e2f378359ca3885f551fa0a08d0d9b9b43c2e16e3cd3b68acb9c57a63f1ce15
- Size: 1.2MB
- Sample: 220521-afm4bsabf4
- MD5: df7782843a072d01f11b1f129f662fe0
- SHA1: 27c71a8aa329b6722d4a7a560658a3995780b928
- SHA256: 8e2f378359ca3885f551fa0a08d0d9b9b43c2e16e3cd3b68acb9c57a63f1ce15
- SHA512: e615942cf14bdf85d94180b9459c947771adbdabee042197e262329e44b35645858647342f150a6ec6d2366b7dda32d8dca5255678b71e329020edb12287a074
Static task: static1
Behavioral task: behavioral1
- Sample: PO_61654.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: PO_61654.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.kenapens.com
- Port: 587
- Username: [email protected]
- Password: @Hammer1980
Targets
- Target: PO_61654.EXE
- Size: 494KB
- MD5: 0faf92001013a74d38b7d43cd4e8292e
- SHA1: 9870f1b6aa195deff54b059f2e28f77d526c2fb1
- SHA256: 5f8d0e5d206e5b37c552b79782a6777edf6e7a9a1c1db8ce324055baba187f4b
- SHA512: 19a8a5646eb15596bf2e4a55bf63e1badb2dd325b46a77f749a05a52197554e8aa079ff9e45bf4d3b6ca1b5f01c5a53755c398468abf960de6e504fcdafc1738
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext