General
Target: 84f7f5cd186eafb57fdec24cd1887313574b5ebf9b21907b19f89b11d36645ca
Size: 439KB
Sample: 220521-ahvaesacf3
MD5: 8d0261d02ec6dce190810902e3ad8120
SHA1: 9ead8e6f8ce376b17132112f2923f38e6d7e3608
SHA256: 84f7f5cd186eafb57fdec24cd1887313574b5ebf9b21907b19f89b11d36645ca
SHA512: 17a8e1fcb9e9eb8423dff137761de05609fcbdb8a234d4ac6fe1565358cbfc87c56538930ccee1b2a7dbb7af6724af9ca07a7c0341b7dd0f97ce23affb5081f9
Static task: static1
Behavioral task: behavioral1
Sample: P.I. Ref P.I051216.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: P.I. Ref P.I051216.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: quaresma11
Targets
Target: P.I. Ref P.I051216.exe
Size: 507KB
MD5: e5181badd9a9331327095df2f2fb4255
SHA1: 0c428ad1712ba41675170773e1216f9b681dee47
SHA256: 75e41eb7b9f88a279e41be0944ebe10df52c768f5b4992597d693fe58d96f4f1
SHA512: d4970a70f0e055cd083bd47ccd1c8ee6d78ed02f32b1f427aca01262eb2211a8ab0b69b71a69f6339fc4c6227295c9c2dfabb0952bd816ff1e74d4c9fe6032e9
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext