General
-
Target
8306f3cdd40467e2c851d850e7d8850add41b732a57382562ae9f8b949abc5dc
-
Size
424KB
-
Sample
220521-ah6nfsdbgl
-
MD5
cf9d434e0b5911dca988ff2b3ca43f41
-
SHA1
39c054e1d964ff6b84546bb7dbe67b8360314386
-
SHA256
8306f3cdd40467e2c851d850e7d8850add41b732a57382562ae9f8b949abc5dc
-
SHA512
68fcc0bbb2995d9adc9b36db4df4022949217def183600ac12209b94437856eb89f3d78f07dcf48e4bc1909d2af023c97c53caeeb13c4cd665bb841b11ae4852
Static task
static1
Behavioral task
behavioral1
Sample
Commerical invoice.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Commerical invoice.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol
smtp
-
Host
smtp.yandex.com
-
Port
587
-
Username
[email protected]
-
Password
vicanto1994
Targets
-
Target
Commerical invoice.exe
-
Size
474KB
-
MD5
29e84bff08f40b0ad47e415e284c2b6d
-
SHA1
cd4ecfb91c6504bd8fe2da366298a28877f4da9a
-
SHA256
55a99c172ecc21abb477851da63336dbc01c67bc90f11d08dacd3ac2995e82be
-
SHA512
a39de205f7c07a8268acd4e9986d76ffa5b17849d7a7afa67283a509649a3d0b2e1d61533bc3bbc5c6a1c827cc18492175c5233e1c045a4f502794c4e78623be
-
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT); early builds were written in VB.NET. It harvests saved credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP or HTTP, which matches the SMTP configuration extracted above.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Accesses Microsoft Outlook profiles
Reads stored mail account settings from the registry, consistent with mail-client credential harvesting.
-
Suspicious use of SetThreadContext
Redirecting another thread's execution context is the usual final step of process hollowing, where a suspended child process is overwritten with the payload; check the child process's image path against what is actually mapped in memory.
-
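The hashes and the extracted SMTP configuration above are what a defender actually consumes from this report. The following is an added example, not part of the sandbox output: it turns those indicators into two checks, a SHA256 lookup and a hunt over Sysmon-style network connection events (Event ID 3 fields) for processes connecting to the exfiltration endpoint. The pipe-separated event format, the allowlist of mail clients and the sample events are assumptions constructed for the example. The report's username is obfuscated on the page, so only host and port are used as network indicators.

```python
"""Turn the sandbox report's IOCs into checks: a SHA256 lookup and a hunt over
Sysmon-style network connection events for the extracted SMTP exfil endpoint."""
import hashlib
from typing import Dict, Iterable, List, Optional

# Indicators copied from the report. The SMTP username is obfuscated on the
# page ("[email protected]"), so only host and port are used here.
EXFIL_HOST = "smtp.yandex.com"
EXFIL_PORT = 587
KNOWN_SHA256 = {
    "8306f3cdd40467e2c851d850e7d8850add41b732a57382562ae9f8b949abc5dc": "archive (424KB)",
    "55a99c172ecc21abb477851da63336dbc01c67bc90f11d08dacd3ac2995e82be": "Commerical invoice.exe",
}

# smtp.yandex.com:587 is a public mail submission server, so a bare host/port
# match is weak evidence on its own. Assumed allowlist of processes that are
# expected to speak SMTP; anything else hitting the endpoint is reported.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def sha256_hex(data: bytes) -> str:
    """Hex SHA256 of a file's bytes, for comparison with the report."""
    return hashlib.sha256(data).hexdigest()


def lookup_sha256(digest: str) -> Optional[str]:
    """Return the report's label for a known sample hash, else None."""
    return KNOWN_SHA256.get(digest.lower())


def parse_event(line: str) -> Dict[str, object]:
    """Parse one constructed record: utc|Image|DestinationHostname|DestinationPort
    (the fields mirror Sysmon Event ID 3; the layout is assumed, not Sysmon's)."""
    utc, image, host, port = line.rstrip("\n").split("|")
    return {"utc": utc, "image": image, "host": host.lower(), "port": int(port)}


def find_exfil_connections(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Events whose destination is the extracted SMTP endpoint and whose
    originating process is not a known mail client."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev["host"] != EXFIL_HOST or ev["port"] != EXFIL_PORT:
            continue
        exe = str(ev["image"]).replace("\\", "/").rsplit("/", 1)[-1].lower()
        if exe in MAIL_CLIENTS:
            continue  # legitimate mail traffic to the same public server
        hits.append(ev)
    return hits


# Constructed sample events (not from the report): the sample itself reaching
# the exfil server, Outlook doing the same (allowlisted), and unrelated HTTPS.
SAMPLE_EVENTS = [
    "2022-05-21T10:01:12Z|C:\\Users\\victim\\Downloads\\Commerical invoice.exe|smtp.yandex.com|587",
    "2022-05-21T10:02:30Z|C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE|smtp.yandex.com|587",
    "2022-05-21T10:03:05Z|C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe|www.example.com|443",
]

if __name__ == "__main__":
    for hit in find_exfil_connections(SAMPLE_EVENTS):
        print(f"{hit['utc']} {hit['image']} -> {hit['host']}:{hit['port']}")
    print(lookup_sha256("55a99c172ecc21abb477851da63336dbc01c67bc90f11d08dacd3ac2995e82be"))
```

Only the connection from the sample's own image is returned; the Outlook connection to the same server is suppressed by the allowlist, which is the caveat a hunt on a public mail provider needs. If the Password value is still valid, the more useful network check is the SMTP AUTH username seen in the session, but that value is not recoverable from this page.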