General
Target: 79b2d429cb15d25eb2246eb5e2c05cef2fabf246bd55145422a9d46763d19d9f
Size: 368KB
Sample: 220521-ak9g5adcgp
MD5: 8ba9f53afead3bce5e4ed1ed0de670f6
SHA1: 7e3be340cf2774aac69544911213f4d0ecdbbccf
SHA256: 79b2d429cb15d25eb2246eb5e2c05cef2fabf246bd55145422a9d46763d19d9f
SHA512: 17be9d44c64f8e5ece92d111e514e92b441d3dc377c8e902a8aabf3f065351d5d933cc58c79e07f44bfc01fe11086f42e672dcf33a85088d8736d83274dff116
Static task: static1
Behavioral task: behavioral1
  Sample: Penalty OrderKRA202020882831.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Penalty OrderKRA202020882831.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.chirophysic.co.ke
Port: 587
Username: [email protected]
Password: hungry11111@
The same configuration was extracted a second time with identical values. SMTP submission on port 587 is the stealer's exfiltration channel; the credentials above are the ones the sample uses to authenticate to that mailbox, so the host, port and account are the network indicators to block and hunt for.
Targets
Target: Penalty OrderKRA202020882831.exe
Size: 424KB
MD5: 83ffaf5f8729b1a4ff7428a5082e4c71
SHA1: b199ad3a800fcd13767a4013d3f04858d9ccf4ae
SHA256: 9188e0249f301926e45fe1247169c6f08f7a6dbf617af223bf9af5f9e4a4746f
SHA512: 13d7279558b3e826d3e0efbd43820a3e623f97ae61f756de4d213ae3b8e418828ed6dcfe3f8051fab0b8424a1c94b98ab8e036662bdf660a2ec4060aa605bd67
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer that exfiltrates harvested credentials over SMTP, FTP or HTTP; this sample carries the SMTP configuration shown above.
AgentTesla Payload
Drops file in Drivers directory
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check that decides whether the payload runs on this host.
Accesses Microsoft Outlook profiles
Reading the Outlook profile keys is consistent with the stealer's harvesting of saved mail-client credentials.
Suspicious use of SetThreadContext
SetThreadContext on a thread of another process is the usual sign of a loader writing its payload into a suspended process and redirecting execution to it; the payload runs under the hollowed process's name rather than the original executable's.
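The signatures above are individually weak (Outlook itself reads its profile keys, and mail clients legitimately use port 587), but they are strong in combination for one process. The following is an added example, not part of the sandbox report or of any Triage code: it correlates constructed, Sysmon-like telemetry records per process against the behaviours the report lists and the SMTP host and port from the extracted configuration. The event field names, the Geo\Nation and Outlook profile registry paths used as patterns, the hosts file drop, the process IDs and the three-signature threshold are all assumptions for the example.

```python
"""Correlate the report's behavioural signatures per process (added example).

Events are constructed to mimic endpoint telemetry; field names and the
paths below are assumptions, not data from the sandbox report.
"""
import re
from collections import defaultdict

# Network indicators taken from the extracted AgentTesla configuration.
SMTP_HOST = "mail.chirophysic.co.ke"
SMTP_PORT = 587

# Constructed telemetry. pid 4120 plays the injected payload; pid 1234 is a
# legitimate Outlook process that touches its own profile and mail server.
EVENTS = [
    {"pid": 4120, "type": "reg_read",
     "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 4120, "type": "reg_read",
     "path": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"
             r"\9375CFF0413111d3B88A00104B2A6676"},
    {"pid": 4120, "type": "file_write",
     "path": r"C:\Windows\System32\drivers\etc\hosts"},   # assumed drop target
    {"pid": 4120, "type": "api_call", "api": "SetThreadContext", "target_pid": 4380},
    {"pid": 4120, "type": "net_connect", "dst_host": "mail.chirophysic.co.ke", "dst_port": 587},
    {"pid": 1234, "type": "reg_read",
     "path": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"pid": 1234, "type": "net_connect", "dst_host": "smtp.example.net", "dst_port": 587},
]

# "Checks computer location settings": country code stored under Geo\Nation.
GEO_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
# "Accesses Microsoft Outlook profiles": any Office version's profile subtree.
OUTLOOK_RE = re.compile(r"\\Software\\Microsoft\\Office\\[\d.]+\\Outlook\\Profiles", re.I)
# "Drops file in Drivers directory": writes beneath System32\drivers.
DRIVERS_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\drivers\\", re.I)


def rule_hits(ev):
    """Yield the report signature names that one telemetry record satisfies."""
    kind = ev["type"]
    if kind == "reg_read" and GEO_RE.search(ev["path"]):
        yield "geo_lookup"
    if kind == "reg_read" and OUTLOOK_RE.search(ev["path"]):
        yield "outlook_profiles"
    if kind == "file_write" and DRIVERS_RE.match(ev["path"]):
        yield "drivers_drop"
    # Only cross-process SetThreadContext is interesting; debuggers use it on
    # their own threads legitimately.
    if (kind == "api_call" and ev.get("api") == "SetThreadContext"
            and ev.get("target_pid") != ev["pid"]):
        yield "set_thread_context"
    if (kind == "net_connect" and ev.get("dst_host", "").lower() == SMTP_HOST
            and ev.get("dst_port") == SMTP_PORT):
        yield "smtp_c2"


def correlate(events):
    """Map each pid to the set of signatures its events triggered."""
    hits = defaultdict(set)
    for ev in events:
        for name in rule_hits(ev):
            hits[ev["pid"]].add(name)
    return dict(hits)


def flagged(events, threshold=3):
    """Return pids that triggered at least `threshold` distinct signatures."""
    return sorted(pid for pid, names in correlate(events).items()
                  if len(names) >= threshold)


if __name__ == "__main__":
    for pid, names in sorted(correlate(EVENTS).items()):
        print(pid, sorted(names))
    print("flagged:", flagged(EVENTS))
```

The threshold is what keeps the benign Outlook process out of the result: it matches one signature (its own profile keys) and never the C2 host, while the payload process matches all five. In a real deployment the SMTP rule should key on the destination rather than only on port 587, since any mail client submits on that port.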