General
- Target: 5934bd5e357d613ec643a27ffb7e347d0954ba1641885833bfed7dcb8357a31d
- Size: 616KB
- Sample: 220521-asm9vsdfgj
- MD5: e62d3f263f38c3c463fc6835ed0d710e
- SHA1: 09121ca011509a44d952fbd0ec6b6edb8269a0dc
- SHA256: 5934bd5e357d613ec643a27ffb7e347d0954ba1641885833bfed7dcb8357a31d
- SHA512: de28228a9d4acefddf0f10840d177718cda36912e064d06ecbfff1e95df053494c32bd539c8829a9d1805b20a4d9c45a9e77e84fe3fccf2cecb221d7e24ea077
Static task
- static1
Behavioral task
- behavioral1
  - Sample: oCuh3V3aoPBhwtd.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: oCuh3V3aoPBhwtd.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- agenttesla
  - Protocol: smtp
  - Host: smtp.aiotecs.com
  - Port: 587
  - Username: [email protected]
  - Password: IWDma!*4
Targets
- Target: oCuh3V3aoPBhwtd.exe
- Size: 562KB
- MD5: 55f13cb30ae279d01c841d5d1df254a5
- SHA1: d5c921d2852869fe6a56b044280edf0b18c2fc3b
- SHA256: 141f6b77ca73edeb173fee8e7d07dcf4655a6160c47e471ba6939a3807ec258c
- SHA512: 614738b95e4781cc792311fc411bf5b011f4690666f312f2b7472e026ef98fc64a010f61992bfcc32620dbbf55f3fdd73038a665914ecde433b432111498cb36
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext