General
Target: 603715e9b17c8bb9ce42224e8ab2699a6cf9f851b992f3af13ae393351d4e54c
Size: 1.2MB
Sample: 220521-aq7wgsdehm
MD5: e8096a8ac72826b8c9afdc33edd354e1
SHA1: a595c15c57dab399527d1910a20278f82955a9aa
SHA256: 603715e9b17c8bb9ce42224e8ab2699a6cf9f851b992f3af13ae393351d4e54c
SHA512: e7a6f997282ba862183a2cf9f6e0190ef87f2a423d415a6e3fe5ea650c498c2034e21f6474f92ad352c521a4c3ebacbd5cc5afee957d66bc3f97d46fc9248dd5
Static task: static1
Behavioral task: behavioral1
Sample: NHWJOC9C.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: NHWJOC9C.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://asnbanknl.com/
Port: 21
Username: smartpips
Password: 3mPf4$l2
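The extracted config above is an FTP exfiltration endpoint with embedded credentials. Because the FTP control channel is cleartext, those values are directly usable as network indicators. As an added example that is not part of the sandbox report, the following Python parses the config in the flattened "Key: value - Key: value" form reports print it (and the one-per-line form), reduces the Host URL to a bare hostname, emits the exact USER/PASS byte strings the implant must send (searchable in a pcap or usable in an IDS rule), and matches host and port against egress-log lines. The log lines, their `src=`/`dst=`/`dport=` field names, and the 10.0.0.x, 203.0.113.10 and 198.51.100.7 addresses are constructed for the example and are not data from the report.

```python
"""Turn an extracted Agent Tesla FTP config into hunting artifacts."""
import re
from urllib.parse import urlparse

# Config string in the flattened form sandbox reports print it (values from this report).
CONFIG_TEXT = ("Protocol: ftp - Host: ftp://asnbanknl.com/ - Port: 21 "
               "- Username: smartpips - Password: 3mPf4$l2")

# Constructed egress-log lines (key=value, destination already resolved to a name
# where one was available). Addresses are RFC 5737 documentation ranges.
LOG_LINES = [
    "2022-05-21T10:02:11Z src=10.0.0.15 dst=203.0.113.10 dport=443 action=allow",
    "2022-05-21T10:02:40Z src=10.0.0.15 dst=asnbanknl.com dport=21 action=allow",
    "2022-05-21T10:03:02Z src=10.0.0.22 dst=ASNBANKNL.COM dport=21 action=allow",
    "2022-05-21T10:03:30Z src=10.0.0.22 dst=198.51.100.7 dport=21 action=allow",
    "2022-05-21T10:04:00Z heartbeat",
]

# Each field runs until the next " - Key:" separator or the end of the line, so the
# same pattern handles both the one-line and the one-field-per-line layout.
FIELD_RE = re.compile(
    r"(Protocol|Host|Port|Username|Password):\s*(.*?)(?=\s*-\s+\w+:|$)",
    re.MULTILINE)
LOG_RE = re.compile(r"src=(\S+)\s+dst=(\S+)\s+dport=(\d+)")


def parse_config(text):
    """Parse the extracted config into a dict with a bare hostname and int port."""
    fields = {key.lower(): value.strip() for key, value in FIELD_RE.findall(text)}
    # Host is printed as a URL (ftp://host/); keep only the hostname.
    host = urlparse(fields["host"]).hostname or fields["host"]
    return {
        "protocol": fields["protocol"].lower(),
        "host": host.lower(),
        "port": int(fields["port"]),
        "username": fields["username"],
        "password": fields["password"],
    }


def ftp_login_markers(config):
    """Exact cleartext login lines the implant sends on the FTP control channel.

    These byte strings can be searched for in a packet capture or placed in an
    IDS content match; they are empty for non-FTP configs."""
    if config["protocol"] != "ftp":
        return []
    return [f"USER {config['username']}\r\n".encode(),
            f"PASS {config['password']}\r\n".encode()]


def find_exfil_connections(config, log_lines):
    """Return the source hosts that connected to the config's host:port,
    comparing the destination name case-insensitively."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not a connection record
        src, dst, dport = m.group(1), m.group(2).lower(), int(m.group(3))
        if dst == config["host"] and dport == config["port"]:
            hits.append(src)
    return hits


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(cfg)
    print(ftp_login_markers(cfg))
    print(find_exfil_connections(cfg, LOG_LINES))
```

Run against real data, the login markers are the higher-confidence signal: a USER/PASS pair matching the extracted credentials on port 21 identifies this configuration regardless of which host the DNS name resolves to, whereas matching on the hostname alone also catches unrelated traffic if the domain is later repurposed.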
Targets
Target: NHWJOC9C.EXE
Size: 457KB
MD5: ac32d76fe133ae35db1adf7172ab92ee
SHA1: 88f89cbb5dde794c3af43e0d9726749e9944bbaf
SHA256: 9bca8f7366390a1fac5bfcc29896ce8d4e75475eb9a3b41af7293e9c6b718451
SHA512: 12dbfb6bb8d473011e812fd1956ebad90fbd10bfd18d13f019ff4c59d48c4e74cfb649d5bca9e16f11214f84e7af3c0d9d656027cb939f32e70250651eeebd25
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and credential stealer written in Visual Basic; this sample exfiltrates over FTP to the host in the extracted config.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Consistent with harvesting stored mail-client credentials.
Suspicious use of SetThreadContext
Commonly seen when a payload is injected into a suspended process (process hollowing).