General
- Target: 5a6473afa5eb4f04eb5fa442198a90c27fbc9da2582e51bc070870cfeb3ba669
- Size: 379KB
- Sample: 220521-asemqadfer
- MD5: 2768ae5cc4f5f0ca91c54c49dd69d75a
- SHA1: 46161c3a9003d4c12d6066d4af74e0560a415433
- SHA256: 5a6473afa5eb4f04eb5fa442198a90c27fbc9da2582e51bc070870cfeb3ba669
- SHA512: 29693ec24935acacc80a491340ae3138398780d825d504cbb9dddaef501af8ce13565f5388667a85ec490c1b2fc22084e94325f35276d6296ab1b05ea0952864
Static task: static1
Behavioral task: behavioral1
- Sample: POOED20201366.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: POOED20201366.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.greenslr.com
- Port: 587
- Username: [email protected]
- Password: )HdurgF2
Targets
- Target: POOED20201366.exe
- Size: 422KB
- MD5: fcbf7204db1e0beed9d269641d65f957
- SHA1: 885ee8f82104912ab6392cbe397c88bb01f1d263
- SHA256: 89832aeecfac3c9bd0c972fd727f0987054e2c501aaf40b61c4843e2923d2869
- SHA512: a407023bfbdc666361b1e71a8462b02644dc1fb47af5af87d7465c173286ab40c089b199cfa10d6401f8b8cea0d27dd96ee33570dde12418d70d3a20ccbfd7a0
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext