General
Target: 6f7a21f174b891758b93e5213ed1c59e7028a5bc81e904092bdde053a5068be9
Size: 488KB
Sample: 220521-amzeyadden
MD5: d2800dfa1867764f7cdd5af08a9507f7
SHA1: b7040d72d6ce0098029bed15da9267f7f1931907
SHA256: 6f7a21f174b891758b93e5213ed1c59e7028a5bc81e904092bdde053a5068be9
SHA512: 971c39d8f44a7a5a3dc3b0d998215c3d755ac11ddd0733a67ab7d1ccc7852b39bcadf4a1355346d8ab35c225cb83a4f8946dd7f590bc67d1aa17363d06e674e3
Static task: static1
Behavioral task: behavioral1
  Sample: 731104 A- Billing form.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 731104 A- Billing form.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.radiomeff.mk
  Port: 587
  Username: [email protected]
  Password: qazwsx@11
Targets
Target: 731104 A- Billing form.exe
Size: 816KB
MD5: 6e19e0712ae1e6d81d941842325a7ed9
SHA1: 88cf0f0b24cae2ed9827193bc160b6b18fb6e816
SHA256: 14eba8c7f68656e758892f4e97c02ea85f38b14fa36145d3aca2c5bfa91e712f
SHA512: 7c9ed9074981feeff5fb3762ac769f011dfaff353f0e3a800804ddf42affdfe2336c97817f64d1e83969e88f4147b82e9c675bd336356c874c762a27d4bf3bb4
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext