General
Target: 7f274135d183a34dec4f013a9f43bb01320ff9c797e57f5e8c15bd93e5f80113
Size: 417KB
Sample: 220521-ajyz1adcbn
MD5: af0a6edf80c4f13f68f895c6a3a28941
SHA1: a9eefeb1f6387bbd3babb69761bb8afaf312946c
SHA256: 7f274135d183a34dec4f013a9f43bb01320ff9c797e57f5e8c15bd93e5f80113
SHA512: edf3e61b8cd6e177636c4ef86840a67de174940f380995f12ed189679abf50c54fb2051b53df9de8336daf547b0db8abff3b74e827a72779c497ae2009cc6b5c
Static task: static1
Behavioral task: behavioral1 (Sample: PO.exe, Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: PO.exe, Resource: win10v2004-20220414-en)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: tt@@@@@@@@@123456789
Targets
Target: PO.exe
Size: 567KB
MD5: 0a9256b6cc55be84af07375f8fb72a3e
SHA1: 727c7689f52a1d55df71ca092c6c7d5220e79636
SHA256: ec3e3215b535bb6536ecf8df92c6580950a60dcfa406bb3f855de9aab7f6c7a1
SHA512: 74ac39f349cd9581eca372799ad0d8fed8d27058b5a5bc77f1b0c31e60375815a37184a1c3ae8a807eb433bcc6c061056a70ac3420330073b625fe4c0b95b7db
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext