General
-
Target
656e2f3fc777bedb947f7b6c5c2a54875e4f59274b60cc8df40a6b780d42dd97
-
Size
625KB
-
Sample
220521-apxn5adecm
-
MD5
e9c9db1c7460e94fedc793e977cfba8e
-
SHA1
c73e183ad0f2df7495dcd45c499ef0f65815ea26
-
SHA256
656e2f3fc777bedb947f7b6c5c2a54875e4f59274b60cc8df40a6b780d42dd97
-
SHA512
adf6747fa734bf13479cc5fee93e3004ca8fcaf4ba9169fd6e65b5d4620733546c00c2b2b17af323abaed09509a38c6261520b54aeb2b146e4076e74c547fc7f
Static task
static1
Behavioral task
behavioral1
Sample
Ref PO-11059021022021.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Ref PO-11059021022021.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.a-k.co.ir
Port: 587
Username: [email protected]
Password: 09133434194
Targets
-
-
Target
Ref PO-11059021022021.exe
-
Size
822KB
-
MD5
3508d774e8df045ef0439c29e48169e9
-
SHA1
52914ca4c253dca00fb9cba081c8ffde1bf6f8c5
-
SHA256
df57cc0b28f8d1219fd566db53271af52086fbee8b3493d42c93b82428f2fb8d
-
SHA512
0eaf8f044fb670f922559ebb3a8412dddc4670268f15949a09d5cc3017e91320c4ed988d6452711b2a92c2fdd6eba8c3bb4af09a8d7c490a3c01b637151b3995
-
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and credential stealer, written in Visual Basic .NET; the extracted configuration above is the SMTP account it uses to exfiltrate harvested data.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up the country code configured in the registry, most likely as a geofence check.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
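Worked example, added here and not part of the sandbox report: a Python parser for the flattened "Extracted / agenttesla" block (the key/value pairs the sandbox joined with " - " and wrapped over several lines), which turns the SMTP exfiltration settings and the two SHA256 values listed under Target into a matchable IOC set. The report text is embedded as a constructed constant; the redacted username is kept exactly as the report shows it; the function names, the Iocs type and the sample connection records are assumptions of this example, not anything the report or the sandbox provides.

```python
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Tuple

# Constructed copy of the "Extracted / agenttesla" block as the sandbox
# flattened it (pairs joined by " - ", wrapped over lines). The username is
# redacted in the report and is left exactly as shown there.
RAW_CONFIG = """Protocol: smtp- Host:
mail.a-k.co.ir - Port:
587 - Username:
[email protected] - Password:
09133434194"""

# SHA256 values of the two artefacts listed in the report.
REPORT_SHA256: Dict[str, str] = {
    "656e2f3fc777bedb947f7b6c5c2a54875e4f59274b60cc8df40a6b780d42dd97": "Target, 625KB",
    "df57cc0b28f8d1219fd566db53271af52086fbee8b3493d42c93b82428f2fb8d": "Ref PO-11059021022021.exe, 822KB",
}

# A field boundary is a dash followed by whitespace and the next "Key:" token.
# The lookahead keeps dashes inside values (the "a-k" in the hostname) from
# being treated as separators.
FIELD_SEP = re.compile(r"\s*-\s+(?=[A-Za-z]+:)")


def parse_config(raw: str) -> Dict[str, str]:
    """Turn the flattened config text into {lower-case key: value}."""
    flat = " ".join(line.strip() for line in raw.splitlines())
    fields: Dict[str, str] = {}
    for chunk in FIELD_SEP.split(flat):
        key, sep, value = chunk.partition(":")
        if not sep:
            continue  # tolerate stray text that is not a key/value pair
        fields[key.strip().lower()] = value.strip()
    return fields


@dataclass(frozen=True)
class Iocs:
    sha256: FrozenSet[str]
    exfil_endpoints: FrozenSet[Tuple[str, int]]  # (host, port)


def build_iocs(raw_config: str, hashes: Iterable[str]) -> Iocs:
    """Combine the parsed exfil endpoint with the report's file hashes."""
    cfg = parse_config(raw_config)
    endpoint = (cfg["host"].lower(), int(cfg["port"]))
    return Iocs(frozenset(h.lower() for h in hashes), frozenset({endpoint}))


def match_hash(iocs: Iocs, digest: str) -> bool:
    return digest.strip().lower() in iocs.sha256


def match_connection(iocs: Iocs, host: str, port: int) -> bool:
    # Host and port together: port 587 on its own is ordinary mail submission.
    return (host.lower(), port) in iocs.exfil_endpoints


# Constructed connection records (process, destination host, destination port)
# standing in for the proxy/EDR telemetry an analyst would actually query.
SAMPLE_CONNECTIONS: List[Tuple[str, str, int]] = [
    ("outlook.exe", "smtp.office365.com", 587),
    ("Ref PO-11059021022021.exe", "mail.a-k.co.ir", 587),
    ("chrome.exe", "mail.a-k.co.ir", 443),
]


def flag_connections(iocs: Iocs, records: Iterable[Tuple[str, str, int]]) -> List[str]:
    """Return the process names whose destination matches the exfil endpoint."""
    return [proc for proc, host, port in records if match_connection(iocs, host, port)]


if __name__ == "__main__":
    iocs = build_iocs(RAW_CONFIG, REPORT_SHA256)
    print(parse_config(RAW_CONFIG))
    print(flag_connections(iocs, SAMPLE_CONNECTIONS))
```

The matcher deliberately requires host and port together so that a legitimate SMTP submission to another server is not flagged; in practice the stronger move is to block mail.a-k.co.ir outright, since the mailbox is the operator's collection point and the cleartext credentials in the binary show the host serves no other purpose for the victim.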