General
Target: 5fa2d3c264acae09e5ce87fa0a3787ab2d02390c18028f7c5d69e529fbb1c235
Size: 524KB
Sample: 220521-arax5safe5
MD5: 584a1438ad97da6cde9b9328798a8294
SHA1: 672e27e35e9db6b0c4390a6c90bdcc70190fd395
SHA256: 5fa2d3c264acae09e5ce87fa0a3787ab2d02390c18028f7c5d69e529fbb1c235
SHA512: 98dbc92993d2057a19de95b83ddc86783e5ee98ae76a4ea9c354c0d48d14f2fb1a73e59904c47fa299be3b4b4a1108bcfcb6ec03ecb5770693c3f2f1e77c1b4c
Static task: static1
Behavioral task: behavioral1
Sample: Anchetă.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Anchetă.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com.tr
Port: 587
Username: [email protected]
Password: ok2019
Targets
Target: Anchetă.exe
Size: 463KB
MD5: 9d0501c4da00204f9af8f264a19f8193
SHA1: cd56db7805cf3dc0fac42db20bd604578ffbb571
SHA256: 52b9ef39375547beb78dcb77e95eec51e077ea347cf684a9a36a7c58ac2de630
SHA512: aa192fa423a1de1ec4d27bf5fd199aca61a0508a9434d95c6509933ddfd54df1f75868d990bfa8ac1d6e43e127a7c2f5ed2fcfc966db03574c9aab2cbbc08ca5
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext