General
Target: 4825fd78e406e9bcb21ff45b65bc0b4bde7826243ead732bbbe03d032e4e7f05
Size: 400KB
Sample: 220521-aw2awsahd7
MD5: ce58bf8683a6f32ace50a932b0e41f56
SHA1: 9aab45b9bf68ead9fe3171ca9702d1d8d605feff
SHA256: 4825fd78e406e9bcb21ff45b65bc0b4bde7826243ead732bbbe03d032e4e7f05
SHA512: 2857a372e7840a18a21aaff611e1392965e6e3fc297fc2208ae69155985e3725ebc0f471adca0d135608c8f1e90348cb84bb2719ef92fff5b59e2086acb76858
Static task: static1
Behavioral task: behavioral1
Sample: CALL KENDARI FOR LOADING.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: CALL KENDARI FOR LOADING.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: vicanto1994
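The extracted configuration above gives the exfiltration channel this sample uses: SMTP to smtp.yandex.com on the submission port 587, with attacker-controlled mailbox credentials. The following Python is an added example, not part of the sandbox report, showing how those two indicators can be turned into hunting logic over network-connection telemetry (the shape of a Sysmon Event ID 3 or EDR connection record). It flags an exact match on the extracted host and port as a high-confidence hit, and any submission/relay-port SMTP connection from a process that is not a known mail client as a lower-confidence behavioural hit. The pipe-delimited record format, the mail-client allowlist, the process names and the IP addresses in the sample log are all constructed for the example.

```python
"""Hunt for AgentTesla-style SMTP exfiltration in network-connection telemetry.

Added example, not part of the sandbox report. The host and port come from the
extracted config; the record format, the mail-client allowlist and the sample
records below are assumptions / constructed data.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Indicators taken from the extracted AgentTesla SMTP config.
EXFIL_HOST = "smtp.yandex.com"
EXFIL_PORT = 587

# SMTP relay/submission ports; 587 is the one in the extracted config.
SMTP_PORTS = {25, 465, 587}

# Processes expected to speak SMTP on a workstation (assumption; tune per estate).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


@dataclass(frozen=True)
class NetEvent:
    process: str      # image file name of the connecting process, lower-cased
    dest_host: str    # resolved destination hostname (may be empty), lower-cased
    dest_ip: str
    dest_port: int


def parse_event(line: str) -> NetEvent:
    """Parse one constructed record of the form process|dest_host|dest_ip|dest_port."""
    process, dest_host, dest_ip, port = (f.strip() for f in line.split("|"))
    return NetEvent(process.lower(), dest_host.lower(), dest_ip, int(port))


def classify(ev: NetEvent) -> Optional[str]:
    """Return a verdict for a suspicious event, or None if it looks benign.

    Tier 1: exact match on the extracted exfil endpoint (host + port).
    Tier 2: any SMTP-port connection from a process outside the mail-client
            allowlist, which catches the same behaviour with a rotated mailbox.
    """
    if ev.dest_host == EXFIL_HOST and ev.dest_port == EXFIL_PORT:
        return "agenttesla_exfil_endpoint"
    if ev.dest_port in SMTP_PORTS and ev.process not in MAIL_CLIENTS:
        return "smtp_from_non_mail_process"
    return None


def hunt(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (process, verdict) for every flagged record, in input order."""
    hits: List[Tuple[str, str]] = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blanks and the header comment
        ev = parse_event(line)
        verdict = classify(ev)
        if verdict is not None:
            hits.append((ev.process, verdict))
    return hits


# Constructed sample telemetry (RFC 5737 documentation addresses, not real captures).
SAMPLE_LOG = """
# process|dest_host|dest_ip|dest_port
outlook.exe|smtp.office365.com|192.0.2.10|587
chrome.exe|www.example.com|198.51.100.34|443
CALL KENDARI FOR LOADING.exe|smtp.yandex.com|198.51.100.25|587
svchost.exe|mail.example.net|203.0.113.10|465
""".strip().splitlines()

if __name__ == "__main__":
    for process, verdict in hunt(SAMPLE_LOG):
        print(f"{verdict:32} {process}")
```

The second tier is deliberately noisier than the first: legitimate software (monitoring agents, scan-to-mail tools) does send SMTP, so it is a triage queue, not a blocking rule. The first tier pairs naturally with a network block on the extracted host/port while the mailbox is reported to the provider.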
Targets
Target: CALL KENDARI FOR LOADING.exe
Size: 578KB
MD5: 040ffb26c9ab0884a0aa2af46a92a19e
SHA1: c435f24b858eb46e9b812042f5c40c81a4228d7d
SHA256: 789745b0db567cfc2ecf3c1230dac5b4063f091a48eba1137f8869edb2cfc7b6
SHA512: c3f8b6aea26cb75409e91145d87ea1d164f954771f8cba601253a7de0f98f056fefeb2f8c8342b89ab7be53bab7d7d844b7fe56faad0297096f53a5e2b84270e
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, most likely as a geofence on where the payload will run.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext (a common step in process hollowing and thread hijacking)