General
Target: 5cb3497f614368c3ac65a5e54a7fb3686b4252286f6f32bd608323f01b8f33b0
Size: 553KB
Sample: 220521-arydfadfdj
MD5: ac95ea3151b78da2bd0f116fb9d47817
SHA1: fcaae9038f407a6e64f4edac0508d369010f85aa
SHA256: 5cb3497f614368c3ac65a5e54a7fb3686b4252286f6f32bd608323f01b8f33b0
SHA512: e1d8c51a190a3035f36e63449dd6c44a7264f01c9c26dc40ec084cabbd51e25a7836fbaff8b2f797579b460b11e167efb93ad74252c1d62817214d6da8418dc6
Static task: static1
Behavioral task: behavioral1
  Sample: INQ#10932.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: INQ#10932.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.privateemail.com
  Port: 587
  Username: [email protected]
  Password: @Mexico1.,
Targets
Target: INQ#10932.exe
Size: 910KB
MD5: ab173fc941b3ff29b61a7c367a20f0c9
SHA1: 7c2d64b587f9f61e4db8c51684194ce090c0325a
SHA256: dc33d410898885b637ad8dd510d290ff2c00ae00069f28a60a282364faf0384e
SHA512: 2101db46bdd426ccd977db05324910c6d1b33eaab02a3fd88d3b2e74b404b1243abf1f7d4e34536d02a2e308428eaa15d6c4d8ada44a4c317d00ec68c57533f1
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext