General
-
Target
7c14fa2d1628f2687fd8ec0f5ba6e58d068c78519b1d6b56a8643b72217f35e0
-
Size
461KB
-
Sample
220521-aklfasdcdq
-
MD5
1e9153d863a0dfcf466a6ce26432cdb3
-
SHA1
4a9a1f26d86de51079c99a1e633d2d6ff19ac9a7
-
SHA256
7c14fa2d1628f2687fd8ec0f5ba6e58d068c78519b1d6b56a8643b72217f35e0
-
SHA512
e4f24ffda51efd08073f0d9637145e350b8f89879bb3ee376929b55f1824675a0b828bd898c9564dac79fa620f8fb34e9643d7e904a151df5372b70784e4cb1b
Static task
static1
Behavioral task
behavioral1
Sample
DOCUMENTS.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
DOCUMENTS.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.el-sever.com
Port: 587
Username: [email protected]
Password: admin123
Targets
-
Target
DOCUMENTS.exe
-
Size
664KB
-
MD5
86c32660eae56874038d23816e4aeb25
-
SHA1
9d33de36dbf70639cf0de14b9e70267897471500
-
SHA256
ab6c643159c159af03c43e99e1ee15747f4c72de44e47b1ba6675d8160f5aa6e
-
SHA512
0014c6d3d2e3b1ebf20457dfd60a8fd9420a6f8d7811d1c07714c09edf20aaaab13ce7f742f977d17ab7724cc01ed130561501219f10b730e4ad6ac7d1b35387
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext