General
- Target: f66744477239c87939089b7bfb0e5396cf5addf0288b90b95178cc001c587c16
- Size: 871KB
- Sample: 220521-agxddsdbcl
- MD5: 348d7c0aaca945e8aaa2c5fb7bfc1122
- SHA1: 54ce23bc3e637191c19443069dc3e624e55af782
- SHA256: f66744477239c87939089b7bfb0e5396cf5addf0288b90b95178cc001c587c16
- SHA512: b4e9edc8addd54db88cbefd0df4faed8526fa6d6c733f727305fd08d691979982944ecc61b7e2ea55d39f3afa0d10f76db020acaaad757ce0be669840e8f6c42
Static task: static1
Behavioral task: behavioral1
- Sample: f66744477239c87939089b7bfb0e5396cf5addf0288b90b95178cc001c587c16.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: f66744477239c87939089b7bfb0e5396cf5addf0288b90b95178cc001c587c16.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: drsaint1992101
Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: drsaint1992101
Targets
- Target: f66744477239c87939089b7bfb0e5396cf5addf0288b90b95178cc001c587c16
- Size: 871KB
- MD5: 348d7c0aaca945e8aaa2c5fb7bfc1122
- SHA1: 54ce23bc3e637191c19443069dc3e624e55af782
- SHA256: f66744477239c87939089b7bfb0e5396cf5addf0288b90b95178cc001c587c16
- SHA512: b4e9edc8addd54db88cbefd0df4faed8526fa6d6c733f727305fd08d691979982944ecc61b7e2ea55d39f3afa0d10f76db020acaaad757ce0be669840e8f6c42
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely used as a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext