General

Target: 6e2e2dd7e044631a8cbeefc590912966780ba8cfc2274782cd2226af7f7c4f6d
Size: 515KB
Sample: 220521-anbehaaec5
MD5: 1d7727c1488c55324b2507f3f1ba27e2
SHA1: 272ac2b15c9fa3a5f5b69f1a8625274e930b7d64
SHA256: 6e2e2dd7e044631a8cbeefc590912966780ba8cfc2274782cd2226af7f7c4f6d
SHA512: 6bbe6b330fa8e0e42085fdb0565b837d35347b078642150dd0457bea5c82ef6830f22b8ebed6866a58a418d2ce8bf31f33714b05be800a3144f1cb408da7119c

The hashes and size above describe the submitted file (515KB); the executable actually detonated, Fedex_Commercial Invoice.exe (791KB), has its own hashes under Targets. When pivoting on indicators, use the target's SHA256, not the submission's.
Static task: static1
Behavioral task: behavioral1
  Sample: Fedex_Commercial Invoice.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Fedex_Commercial Invoice.exe
  Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: Remember@123#

These are the credentials of the attacker's drop mailbox, which the stealer uses to send collected data; they are not a victim's. Port 587 is the mail submission port, so after the initial EHLO the session is normally upgraded with STARTTLS and the AUTH exchange and message body are not visible in the clear; hunt on the destination host and port, and on the mailbox name where SMTP inspection or the sandbox's own PCAP exposes it.
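An added example, not part of the sandbox report: it parses the extracted config exactly as the page renders it (the run-together "Key: value - Key:" form) into a dict, and then scans a few constructed firewall and SMTP-inspection log lines for the exfiltration host, port and mailbox. The log lines, IP addresses and timestamps are constructed for illustration and are not from the analysis; the field names in the constructed lines are an assumption.

```python
"""Parse the report's AgentTesla SMTP config and hunt for it in log lines."""
import re

# The config section copied as it appears on the report page.
REPORT_CONFIG = """Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
Remember@123#"""

# Keys in the order the report lists them; the parser relies on this order.
KEYS = ("Protocol", "Host", "Port", "Username", "Password")


def parse_config(text: str) -> dict:
    """Split the 'Key: value - Key: value' run into a dict.

    Line breaks and the stray ' - ' separators come from page extraction, so
    the text is collapsed onto one line first and each value is taken as
    everything up to the next known key (or end of string for the last key).
    """
    flat = " ".join(text.split())
    cfg = {}
    for i, key in enumerate(KEYS):
        nxt = KEYS[i + 1] if i + 1 < len(KEYS) else None
        if nxt:
            pat = rf"{key}:\s*(.*?)\s*(?:-\s*{nxt}:|$)"
        else:
            pat = rf"{key}:\s*(.*)$"
        m = re.search(pat, flat)
        if m:
            cfg[key.lower()] = m.group(1).strip(" -")
    return cfg


def find_exfil(cfg: dict, log_lines) -> list:
    """Return log lines that reference the exfil host together with its port,
    or the AUTH mailbox name. The port is matched as a whole token so that an
    ephemeral source port such as 49587 does not count as a hit."""
    host, user = cfg["host"], cfg["username"]
    port_re = re.compile(rf"\b{re.escape(cfg['port'])}\b")
    hits = []
    for line in log_lines:
        if (host in line and port_re.search(line)) or user in line:
            hits.append(line)
    return hits


# Constructed log lines for illustration (not sandbox output, assumed format).
SAMPLE_LOGS = [
    "2022-05-21T08:41:03Z fw allow tcp 10.0.0.15:49812 -> 198.51.100.7:587 dns=mail.privateemail.com",
    "2022-05-21T08:41:04Z smtp-inspect AUTH LOGIN user=[email protected] result=ok",
    "2022-05-21T08:42:10Z fw allow tcp 10.0.0.15:49901 -> 203.0.113.9:443 dns=update.example.com",
    "2022-05-21T08:43:00Z fw allow tcp 10.0.0.22:49587 -> 203.0.113.9:443 dns=update.example.com",
]

if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    print(cfg)
    for hit in find_exfil(cfg, SAMPLE_LOGS):
        print("HIT:", hit)
```

Only the first two constructed lines match: the first carries the host and port 587 together, the second the mailbox name from the AUTH exchange; the last line has 587 only inside a source port and is ignored.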
Targets

Target: Fedex_Commercial Invoice.exe
Size: 791KB
MD5: eb399d8e95e6b5d8b47eb7861d4a8631
SHA1: 5a737e28680097c70b94e63b40766d60776d6023
SHA256: 8e7934b4a6e7e21ef57fbc897a2f03cf5d487840b4434544919e40c7ba9c3021
SHA512: 8e93d2c755aa5b1e980082334143ab4e16eb66ddabe5c3ecb6a43a356b350c52f9ac51ae708f6bbe7987d2f09cf995f6d59cdbfbf7514e42145df29ade2d069d
Score: 10/10

AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer that exfiltrates what it collects over SMTP, FTP or HTTP; this sample is configured for SMTP (see Malware Config above).

AgentTesla Payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check: the sample can refuse to run, or alter its behaviour, based on the configured locale, so a sandbox whose locale does not match the intended victims may see a truncated run.

Suspicious use of SetThreadContext
SetThreadContext called on a thread of another process is the step in process hollowing (RunPE) at which execution is redirected into an image written over a suspended child. On its own it is a generic signal (debuggers and some legitimate tools use it too), so correlate it with a CreateProcess using CREATE_SUSPENDED and WriteProcessMemory into the same target before the thread is resumed.
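An added example, not from the report or the malware author: a small detector that walks an API-call trace and flags a child process only when the full hollowing chain is present in order (created suspended, written to, thread context rewritten, then resumed), rather than on any SetThreadContext call. The trace below is constructed for illustration; the image path, pids and tids are invented, and the trace's record shape (api name plus an args dict) is an assumption about whatever sandbox or EDR feed you would adapt this to.

```python
"""Flag the process-hollowing API sequence in a process API-call trace."""
from dataclasses import dataclass

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess


@dataclass
class Call:
    api: str
    args: dict


def find_hollowing(trace) -> list:
    """Return pids of child processes that were created suspended, had memory
    written into them, had a thread context set afterwards, and were then
    resumed. Each stage only counts if the earlier stages were already seen."""
    stages = {}    # pid -> set of stages observed so far
    flagged = []
    for call in trace:
        a = call.args
        pid = a.get("pid")
        if call.api == "CreateProcessW" and a.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            stages[pid] = {"suspended"}
        elif pid not in stages:
            continue  # calls against the malware's own process are not of interest
        elif call.api in ("WriteProcessMemory", "NtWriteVirtualMemory"):
            stages[pid].add("written")
        elif call.api in ("SetThreadContext", "NtSetContextThread"):
            if "written" in stages[pid]:
                stages[pid].add("context_set")
        elif call.api in ("ResumeThread", "NtResumeThread"):
            if "context_set" in stages[pid] and pid not in flagged:
                flagged.append(pid)
    return flagged


# Constructed trace for illustration; not output from the sandbox run.
SAMPLE_TRACE = [
    Call("CreateProcessW", {"image": r"C:\constructed\child.exe",
                            "dwCreationFlags": CREATE_SUSPENDED, "pid": 2216, "tid": 2220}),
    Call("NtUnmapViewOfSection", {"pid": 2216}),
    Call("VirtualAllocEx", {"pid": 2216, "size": 0x2a000}),
    Call("WriteProcessMemory", {"pid": 2216, "size": 0x2a000}),
    Call("SetThreadContext", {"pid": 2216, "tid": 2220}),
    Call("ResumeThread", {"pid": 2216, "tid": 2220}),
    # A SetThreadContext against a thread in the caller's own process (pid 1000)
    # with no suspended child is the benign case and must not be flagged.
    Call("SetThreadContext", {"pid": 1000, "tid": 1004}),
]

if __name__ == "__main__":
    print("hollowed child pids:", find_hollowing(SAMPLE_TRACE))
```

The order check matters: a SetThreadContext seen before any write into the child, or a resume with no context change, does not complete the chain, which keeps the detector quiet on ordinary suspended-start launches.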