General
Target: 476723b94746037cf4b29a03167fe89d15a65ac090cc04ca4a0643ff47d31023
Size: 459KB
Sample: 220521-aw9x2aahe7
MD5: 35d42c33cee37e9339170fcfc59fe2b9
SHA1: 903aa4f0bd92764baaf5f836c744ff1007619d6e
SHA256: 476723b94746037cf4b29a03167fe89d15a65ac090cc04ca4a0643ff47d31023
SHA512: cddf8e2e30567076696826558d5489ea31e12f89b07f2afa8cf295cd21708ad8dbad984234e5cf2d6bcb7e63b605aeb04bde41fa88b82015066d9912453e4d92
Static task: static1
Behavioral task: behavioral1 (Sample: PO10007986.exe; Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: PO10007986.exe; Resource: win10v2004-20220414-en)
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: smtp.malkocbebe.com
Port: 587
Username: [email protected]
Password: Malkoc2020*
Targets
Target: PO10007986.exe
Size: 714KB
MD5: e8975481528a738ad90dfb17f18ab9d6
SHA1: 886051a6c3c292f1fcb0dc37496eab10ed57c865
SHA256: 77a1ede94526537eaafb97d3988163df0f3cd6887d762faa2db61e49bdeefc02
SHA512: 4157640c3749bf81ede2e96437af10d43e5d9b79ab1b838fe170ebcd185f1dcf2c23b3523834f0f55e5dda752f70d246d445e15ed9f4bb2f969046f1c26364ef
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext