General
- Target: 7f75f3a8ad92f242111e5f3cab18f0dc25e5fd1b359ac7df1d219374ad0590fa
- Size: 483KB
- Sample: 220521-ajwvmsdcbl
- MD5: 83abd6f75e0dd52342970085220619a4
- SHA1: 3e3cb57582a98dae3e37ed0b1182fb78623e1c9c
- SHA256: 7f75f3a8ad92f242111e5f3cab18f0dc25e5fd1b359ac7df1d219374ad0590fa
- SHA512: fc7688ddaed2be1a3849714eefc4baca51c564d6897f17db725f912de317d34da44bb580581e1e8ad5f43b11976dae08e6ce9393d3e1f19c6f80b9fe88d17116
Static task: static1
Behavioral task: behavioral1 (Sample: PO10007986.exe, Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: PO10007986.exe, Resource: win10v2004-20220414-en)
Malware Config
Extracted: agenttesla
Protocol: smtp - Host: smtp.malkocbebe.com - Port: 587 - Username: [email protected] - Password: F3ETsYDbeffR
Targets
- Target: PO10007986.exe
- Size: 738KB
- MD5: b6e8901d75e98482e9f722104a438967
- SHA1: bb1f3d496eb38939b918baa0d3e6bcfdba97048b
- SHA256: 0ce1f9f897c1739840a03b61be04a16aa34a90bfa0312e51658d7a652ca45ee1
- SHA512: 5c9a630c3c16c076e587eb179b7bc2ddb9b11e93830399b0c639f30366b0817d53e9f4e03b5fc0b6848fcfea9ad7c6194e8ccd23a70880b87ac01ca7c276cf22
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext