General
- Target: 4d1c6306576a3841ce94865a305f77778863ed817c9dc8b83cabd25ee38af7d4
- Size: 386KB
- Sample: 220521-av2j9saha3
- MD5: 4090b91ed584f4428e6f5a84623a74c6
- SHA1: 877516ea1a2f26b2a8a82ecbb12cb6f3478c466c
- SHA256: 4d1c6306576a3841ce94865a305f77778863ed817c9dc8b83cabd25ee38af7d4
- SHA512: 95fec565016dd2184ed714775b7f2cf898cad07dd731b126cb1f4cf6022d0f653529cf29bc3d21ba69df109ca909401e60d09e24da854c74e750d673163a8ee7
Static task
- static1

Behavioral task
- behavioral1
- Sample: Trung Viet - new order documents_#0020.exe
- Resource: win7-20220414-en

Behavioral task
- behavioral2
- Sample: Trung Viet - new order documents_#0020.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.daiphatfood.com.vn
- Port: 587
- Username: [email protected]
- Password: jn&6kG~_w;;A
Targets
- Target: Trung Viet - new order documents_#0020.exe
- Size: 591KB
- MD5: 56bc65bc8b533f57e14a3913c2e6bfc6
- SHA1: e6180773a85e1e4aa0e9ab2065e1638df3383e6b
- SHA256: 367e5e97153f85008f89e575fc7e5b871eccc671b8247acb92e89a128204ab41
- SHA512: 9bbf65375c454e889d7ac98e896b1ce1bd923f492c5d0b1de3c2bc115d3f2108a7e808aa8fec76ba8c105b9107d7a719a6f872c0984b69f5d62d3d3f9586b1e4
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext