General
Target: 592e243a2d12c70c2d1e2ab386fc717a188937426ffe6188a4f3bc697c782018
Size: 409KB
Sample: 220521-aspspadfgm
MD5: 88c27286fc07aff80e0f5417a5e9e68b
SHA1: f2d50ba04038a9b31aba91ce4703c7c5c4e3e5c9
SHA256: 592e243a2d12c70c2d1e2ab386fc717a188937426ffe6188a4f3bc697c782018
SHA512: 8467e364360f1e6dae142d7bf73180ef51991309ecac2411c7cb467f442fb43b4446ed2685e2596e2bad2320ab02ca11f2359523018c83258ffbd70cd2791635
Static task: static1
Behavioral task: behavioral1
  Sample: Proforma faktura 05.08.2020.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Proforma faktura 05.08.2020.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: ftp - Host: ftp://ftp.fratellidelpiano.com/ - Port: 21 - Username: [email protected] - Password: playboy123#
Targets
Target: Proforma faktura 05.08.2020.exe
Size: 450KB
MD5: 61157457265e145de8823bca43f71419
SHA1: 1d8ce0df5af4dc4cc9d82ba5e6cfc4378320a7bf
SHA256: 8ec6be5f0aa7e1ac4aae554d03ab7189f5523fcbc0fda6eba1261d952b3a3246
SHA512: 492a79153b518fd4915a4f7cc979a665a2ec2c4c28f2bb31177734c6fc6572be6d3cbfa2892e1993703707738e47956cd4064f3ac859f7fa0c4658a6c37962bd
AgentTesla
  Agent Tesla is a .NET remote access tool (RAT) and credential stealer. It harvests saved credentials from browsers, mail and FTP clients and sends them out over SMTP, FTP or HTTP; the FTP account in the extracted configuration above is the exfiltration channel this sample was built with.
AgentTesla Payload
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext
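As an added example (not part of this report or of the AgentTesla sample), the following Python does two things a defender typically wants from such a report: it parses the flattened "Protocol: ... - Host: ... - Port: ..." config records into the network indicators to pivot on, and it maps a sandbox-style event trace to the three behavioral signatures listed under AgentTesla Payload. The event format, the registry paths the signatures are keyed on (HKCU\Control Panel\International\Geo\Nation and the Outlook profile keys) and the event trace itself are assumptions constructed for the example.

```python
"""Added example: parse extracted AgentTesla config records and match
sandbox-style events to the report's behavioral signatures.
Not the sandbox's or the sample's code; formats and paths are assumptions."""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Constructed input in the report's flattened record form. The second record
# is a deliberate repeat (sandboxes often emit one config per task) so the
# parser's deduplication is exercised. The username is elided as on the page.
CONFIG_TEXT = """\
Protocol: ftp- Host:
ftp://ftp.fratellidelpiano.com/ - Port:
21 - Username:
[email protected] - Password:
playboy123#
Protocol: ftp- Host:
ftp://ftp.fratellidelpiano.com/ - Port:
21 - Username:
[email protected] - Password:
playboy123#
"""


def parse_configs(text):
    """Return deduplicated config records as dicts with lower-case keys."""
    flat = " ".join(text.split())  # undo the report's line wrapping
    seen, records = set(), []
    for chunk in flat.split("Protocol:")[1:]:
        # Fields are separated by '- ' or ' - ' immediately followed by 'Key:'.
        # The URL value contains no such separator, so it survives intact.
        fields = re.split(r"\s*-\s+(?=\w+:)", "Protocol:" + chunk)
        rec = {}
        for field in fields:
            key, _, value = field.strip().partition(": ")
            rec[key.lower()] = value.strip()
        signature = tuple(sorted(rec.items()))
        if signature not in seen:
            seen.add(signature)
            records.append(rec)
    return records


def exfil_indicators(rec):
    """Derive the indicators a hunter would block or search for from one record."""
    host = urlparse(rec["host"]).hostname or rec["host"]
    return {
        "protocol": rec["protocol"],
        "host": host,
        "port": int(rec["port"]),
        # Credentials are kept only to correlate the same drop account across
        # samples; nothing here connects to the host.
        "username": rec["username"],
        "password": rec["password"],
    }


# Registry locations assumed to drive the two registry-based signatures.
GEO_KEY = r"hkcu\control panel\international\geo\nation"
OUTLOOK_PROFILE_MARKERS = (r"\outlook\profiles",
                           r"\windows messaging subsystem\profiles")


@dataclass
class Event:
    pid: int
    kind: str                        # "reg_read" or "api_call"
    detail: str                      # registry value path or API name
    target_pid: Optional[int] = None  # process an API call acts on, if any


def match_signatures(events):
    """Map events to the report's signature names; return the set that fired."""
    hits = set()
    for ev in events:
        d = ev.detail.lower()
        if ev.kind == "reg_read" and d.startswith(GEO_KEY):
            hits.add("Checks computer location settings")
        elif ev.kind == "reg_read" and any(m in d for m in OUTLOOK_PROFILE_MARKERS):
            hits.add("Accesses Microsoft Outlook profiles")
        elif (ev.kind == "api_call" and d == "setthreadcontext"
              and ev.target_pid is not None and ev.target_pid != ev.pid):
            # Rewriting a thread context in another process is the hand-off
            # step of process hollowing; in-process use is routinely benign.
            hits.add("Suspicious use of SetThreadContext")
    return hits


# Constructed trace approximating the behavior the report describes.
SAMPLE_EVENTS = [
    Event(1234, "reg_read", r"HKCU\Control Panel\International\Geo\Nation"),
    Event(1234, "reg_read", r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    Event(1234, "api_call", "CreateProcessW", target_pid=5678),
    Event(1234, "api_call", "WriteProcessMemory", target_pid=5678),
    Event(1234, "api_call", "SetThreadContext", target_pid=5678),
    Event(1234, "api_call", "ResumeThread", target_pid=5678),
]

if __name__ == "__main__":
    for record in parse_configs(CONFIG_TEXT):
        print(exfil_indicators(record))
    print(sorted(match_signatures(SAMPLE_EVENTS)))
```

Run as a script it prints one indicator set (the repeated record collapses to one) and all three signature names. The cross-process SetThreadContext test is the one worth tuning in a real detection: the same API used on a thread of the caller's own process (debuggers, exception handling in runtimes) should not fire.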