General
Target: 6ccd8409f4a545b9d477c7dbb7cf080c74462409d2c573fe4fe135a49455b0e8
Size: 688KB
Sample: 220521-ankyyaddhj
MD5: a5074c161e596733e67566e8a286ee48
SHA1: 30d9b1ed0f31e18c6712fd0823a981952efc0e90
SHA256: 6ccd8409f4a545b9d477c7dbb7cf080c74462409d2c573fe4fe135a49455b0e8
SHA512: 0db8c5e38b4b6afd98c0f94609f9d0c65f40013c559ae22a2af31996b145d241576f0973807013818d4f4b985d0154361999105bb3be04381dc7dc981965a5a7
Static task: static1
Behavioral task: behavioral1
  Sample: INQUIRY No. 280720205467.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: INQUIRY No. 280720205467.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.kohinoorribbon.com
  Port: 587
  Username: [email protected]
  Password: ashu@1976
Targets
Target: INQUIRY No. 280720205467.exe
Size: 881KB
MD5: e14854c31e52d5e79f15cbe1f1384639
SHA1: 55f684506ce07d0ff89cf4a598b32d70fb1dba52
SHA256: 2178c5fd247fa0624e9f703162770d12b8dbb9bc6b875b69a6fe760f08100dda
SHA512: decbd1460c31a2b4c9853fab8634ae6e5cc0c137f02158f2d2c04636689f12589611ac1ad837b63c330510f146378d783064b4893eb0e0bbc43fd1e30fdaf59c
Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext