General
Target: $45,520_180522.exe
Size: 590KB
Sample: 220521-axb3dsdheq
MD5: 3f16c99040943dd50a8df3d0f4d2ae12
SHA1: 2eeb4f24a92339b27c680d2330dd4c22dc129cf7
SHA256: 7fa32ef7677187129e2a8c47c3a846beebd2c18c154a00989d97e01cde9edb4a
SHA512: 3bfbe69961af3815c7d39df2fb40e01e878da35186d419f961bcd1b61e6275ab9cdb9717641294a43534fed24ddfb7ac6933f7b5b527bc03c95950f89c206308
Static task: static1
Behavioral task: behavioral1
  Sample: $45,520_180522.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: $45,520_180522.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
  Protocol: smtp
  Host: mail.silicainfotech.co.in
  Port: 587
  Username: [email protected]
  Password: Silica@abcd1234@#
Extracted
  Family: agenttesla
  Protocol: smtp
  Host: mail.silicainfotech.co.in
  Port: 587
  Username: [email protected]
  Password: Silica@abcd1234@#
  Email To: [email protected]
Targets
Target: $45,520_180522.exe
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext