General
Target: 89aac27ae48eda74a5d5cb0c461289e6b42588cf34b17c249ed83dd982a6d5d7
Size: 1.2MB
Sample: 220521-ags1zaacb4
MD5: a7d1a584e423369a9d1673b4d98572a4
SHA1: 6f813a784dea63ab0177d47ee6c06c64927e4f8a
SHA256: 89aac27ae48eda74a5d5cb0c461289e6b42588cf34b17c249ed83dd982a6d5d7
SHA512: 12bb6e031a39b767b3866bc4eb15e0b5a7077f12c8c7d1bde243e151980bb870193152adff4617aa3d69c65cfe1749af640571ee0bc29e8a2abede544fd7b33d
Static task: static1
Behavioral task: behavioral1
  Sample: Q3MYYW9N.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Q3MYYW9N.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: ftp
  Host: ftp://asnbanknl.com/
  Port: 21
  Username: smartpips
  Password: 3mPf4$l2
Targets
Target: Q3MYYW9N.EXE
Size: 550KB
MD5: 2b410f95e3698318f5183053e38d7e85
SHA1: 082ea89ce7b04031deac3412c1a018eb5964e169
SHA256: 37150bacbcc388ea4dec116a1c1d22ae9b937a7495e2974228eb4814d2db6348
SHA512: f653529d3a2124f2f0d2d9234475cb6505d5e834436f00f9d0ebe794c4e78351cc40011e35625b8b9b4357bbbbd486f7b90bc2262910344c109b92215d382afb
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext