General
Target: 88121d881e362350ffaed29c25f7151a1bbbfbd8ee2af882adf079ec37fbb1b9
Size: 1.2MB
Sample: 220521-ag7jcsacc4
MD5: 8e0d2b18bfe9fb8b8a3e1ec02dcb946f
SHA1: 5d92a778f12041cfe42181ee163ce8b39152695e
SHA256: 88121d881e362350ffaed29c25f7151a1bbbfbd8ee2af882adf079ec37fbb1b9
SHA512: b8bc3da75dbc7b037a2ce42334f4fc2e5e9c31d2f9e3154760b19cba867135f49118a6de20e2947e4f279d86ba6b60391eba1835d2baea0baf03bbe09d714cf5
Static task: static1
Behavioral task: behavioral1
Sample: METTA_NE.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: METTA_NE.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.orientalkuwait.com
Port: 587
Username: [email protected]
Password: Operatingmanager1&
Targets
Target: METTA_NE.EXE
Size: 611KB
MD5: 46d8ff0eac096bbc37d90836340ce4d6
SHA1: 244ed7082ac4f88beedc4fbc1cef120dd6a1058f
SHA256: 67c4fc5a1bcf85ab79b44d2b71d298196d344f86646a133a21adc60fa8b5040e
SHA512: d1ffff1e7a7b7d26bae44e9bbdea7f0ea34c1d31de3e07a1668c105b9d4405c7ce5d9c2c34ee49d50be4cac60c8738070f9021f1ee2b61d5b295a3a6d8ec960f
AgentTesla
Agent Tesla is a .NET (VB.NET) remote access tool (RAT) and credential stealer. The configuration extracted from this sample exfiltrates over SMTP to mail.orientalkuwait.com on port 587 using the credentials listed under Malware Config.

AgentTesla Payload
Checks computer location settings: looks up the country code configured in the registry, likely used as a geofence.
Accesses Microsoft Outlook profiles: reads stored Outlook profile data from the registry, a common credential-harvesting step for this family.
Suspicious use of SetThreadContext: a call pattern typically associated with process hollowing, where the thread context of a suspended process is rewritten so execution resumes in injected code.
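As an added example (not part of this sandbox report and not the sandbox's own code), the script below turns the report's extracted SMTP configuration and its three behavioural signatures into a small triage check: it parses the config line exactly as the report prints it, matches a handful of constructed process events against the signatures, and links the SetThreadContext target to the process that later contacts the configured mail host. The event format is an assumed, simplified Sysmon-like structure, the PIDs and registry paths are constructed for illustration, and the username is kept as the redacted "[email protected]" string shown on the page.

```python
"""Added example, not from the sandbox report: triage helpers built around the
AgentTesla SMTP config and behavioural signatures listed on the page.
Event format, PIDs and registry paths are constructed/assumed for illustration."""
import re
from dataclasses import dataclass

# Config text copied from the report (username is redacted on the page).
REPORT_CONFIG = ("Protocol: smtp- Host: mail.orientalkuwait.com - Port: 587 - "
                 "Username: [email protected] - Password: Operatingmanager1&")


def parse_agenttesla_config(text: str) -> dict:
    """Parse the report's 'Key: value - Key: value' line into a dict.
    The report glues the separator to the first value ('smtp- Host'), so a
    value ends wherever ' - Key:' or '- Key:' follows, or at end of string."""
    fields = {}
    for m in re.finditer(r"(\w+):\s*(.*?)(?=\s*-\s*\w+:|$)", text):
        fields[m.group(1).lower()] = m.group(2).strip()
    fields["port"] = int(fields["port"])
    return fields


@dataclass
class Event:
    pid: int
    kind: str    # "registry_read" | "api_call" | "net_connect" (assumed format)
    detail: str


# Constructed events modelled on the report's signatures: sample (pid 1234)
# reads the locale, reads an Outlook profile, hollows pid 4321, and the
# hollowed process is the one that contacts the configured SMTP host.
SAMPLE_EVENTS = [
    Event(1234, "registry_read", r"HKCU\Control Panel\International\sCountry"),
    Event(1234, "registry_read",
          r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"
          r"\9375CFF0413111d3B88A00104B2A6676"),
    Event(1234, "api_call", "SetThreadContext(target_pid=4321)"),
    Event(4321, "net_connect", "mail.orientalkuwait.com:587"),
]

# Signature name from the report -> (event kind, pattern on the detail field).
SIGNATURES = {
    "Checks computer location settings":
        ("registry_read", re.compile(r"Control Panel\\International\\", re.I)),
    "Accesses Microsoft Outlook profiles":
        ("registry_read", re.compile(r"\\Outlook\\Profiles\\", re.I)),
    "Suspicious use of SetThreadContext":
        ("api_call", re.compile(r"^SetThreadContext\(", re.I)),
}


def match_signatures(events: list, config: dict) -> dict:
    """Return {signature name: [pids]} for every event that matches a report
    signature or that connects to the host:port from the extracted config."""
    hits: dict = {}
    c2 = f"{config['host']}:{config['port']}"
    for ev in events:
        for name, (kind, pat) in SIGNATURES.items():
            if ev.kind == kind and pat.search(ev.detail):
                hits.setdefault(name, []).append(ev.pid)
        if ev.kind == "net_connect" and ev.detail == c2:
            hits.setdefault("Connects to configured SMTP host", []).append(ev.pid)
    return hits


def hollowing_chain(events: list) -> list:
    """Link each SetThreadContext target pid to later network activity from
    that pid: in process hollowing the injected child, not the original
    sample, is the process that talks to the exfiltration host."""
    injector_of: dict = {}
    chains = []
    for ev in events:
        if ev.kind == "api_call":
            m = re.search(r"SetThreadContext\(target_pid=(\d+)\)", ev.detail)
            if m:
                injector_of[int(m.group(1))] = ev.pid
        elif ev.kind == "net_connect" and ev.pid in injector_of:
            chains.append((injector_of[ev.pid], ev.pid, ev.detail))
    return chains


if __name__ == "__main__":
    cfg = parse_agenttesla_config(REPORT_CONFIG)
    print(cfg)
    print(match_signatures(SAMPLE_EVENTS, cfg))
    print(hollowing_chain(SAMPLE_EVENTS))
```

The hollowing chain is the part worth keeping in real triage: network telemetry will attribute the SMTP session to the hollowed process, so without the SetThreadContext link the original sample looks network-silent.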