General
Target: 82fba18f0fd8294ba8bcce339a2380af71c4f1b8bc4f528d886ac0e5ed1e91f9
Size: 371KB
Sample: 220521-ah7kraacg2
MD5: 4e32fee68e7fb36e213753f46936f7df
SHA1: daf9a99346dd7ed6f7969715f31662810f0b5d0d
SHA256: 82fba18f0fd8294ba8bcce339a2380af71c4f1b8bc4f528d886ac0e5ed1e91f9
SHA512: 06d5cf3c37c2c18c2aecedadb3845a2560aae100cdb9d0c3122284b182db0c4d03c2b69b0a5d9849d776438f3d3019aea99511a4908b1da957c1b1de774515d4
Tasks
Static task: static1
Behavioral task: behavioral1
    Sample: Catalog.exe
    Resource: win7-20220414-en
Behavioral task: behavioral2
    Sample: Catalog.exe
    Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
    Protocol: smtp
    Host: us2.smtp.mailhostbox.com
    Port: 587
    Username: [email protected]
    Password: K$pbkEK0
Targets
Target: Catalog.exe
Size: 469KB
MD5: 9163e51565ee60a00548fca94dc2a8e7
SHA1: 44d568b4e7d99bf1c89dfc18f293986836d1c9e2
SHA256: d2a772260616ccc61555ef2c4e08d53bd33c07997e63250e6ff7e1bdc9c96238
SHA512: 6ca17baa8753ef9db2f0a380cbfae6d0a8fca75aab0e9a071b951a2808aea21d1bc192b45b1bcec44324c40faa887e2cfe93538518a2173903957a2f6048023d
Signatures
AgentTesla
    Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext