General
Target: b1802121638afdbe414c77db5f708e4d9fa1b7536782069c64ded7af245066ca
Size: 396KB
Sample: 220521-b1jgbacgf4
MD5: 81f11b238fc3823903e5dd7120f4bb43
SHA1: 18bb943ada966d6c82c6d6eac7f5205a675b2bee
SHA256: b1802121638afdbe414c77db5f708e4d9fa1b7536782069c64ded7af245066ca
SHA512: 7ce154776d0cb74e88041e45f56b3a3918c47260f2f6be3b929388874328843bfce1d8712a7d18c449efe76ae9953f52b0e256fea8ee8535c194da18457950b7
Static task: static1
Behavioral task: behavioral1, sample PO_4091.exe, resource win7-20220414-en
Behavioral task: behavioral2, sample PO_4091.exe, resource win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: neighbor123
These are the exfiltration credentials embedded in the sample: the stealer authenticates to the operator's mailbox over SMTP submission (port 587, STARTTLS) and mails the harvested data there. They are the attacker's credentials, not the victim's, and the host belongs to a legitimate shared mail provider, so the hostname alone is a weak indicator. The same configuration was recovered from both behavioral tasks.
Targets
Target: PO_4091.exe
Size: 480KB
MD5: 2f0bc79fec8651f0e45ecfbb229d0b7f
SHA1: a3107ca93d12cbc6f411233aeb017e9391aac832
SHA256: 66a70b0fbd80aa28f3215b944260a8ce06a97d6e7f975cbd0100fba806b95016
SHA512: ee9e741d3be90e33b5a9dc6977833bcae25d9e1472d2e146c68e80c75ee389eab3304bbb8ea2a6c8aae095d8bae5a1856964374bf3e0a118659c9536c3989980
The submitted object (396KB) and the analysed PO_4091.exe (480KB) carry different hashes, so the submission is not the executable itself; hunt on both sets of hashes.
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check to avoid running in certain regions.
Accesses Microsoft Outlook profiles
Reads the stored Outlook account settings, where mail credentials are kept, for credential theft.
Adds Run key to start application
Writes an entry under the CurrentVersion\Run registry key so the payload restarts at logon.
Suspicious use of SetThreadContext
SetThreadContext on another process's thread is the usual final step of process hollowing: the sample starts a suspended child, replaces its image, and points the thread's instruction pointer at the injected code before resuming it.
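The extracted SMTP configuration above and the behavioural signatures (Run-key persistence, lookups of the exfil host) are what a responder turns into detections. The following is an added example, not tria.ge code and not part of the original report: it parses the config text exactly as the page prints it, scores a few constructed Sysmon-style events per process image, and emits a Suricata DNS rule. The event contents, paths and SID are made up for illustration; the username is shown only as the placeholder the page itself carries.

```python
"""Turn the report's AgentTesla SMTP config and behavioural signatures into
host-side detections and run them over a few constructed Sysmon events.
Added example; not tria.ge code and not part of the original report."""
import re

# Extracted config exactly as the report prints it (line-wrapped "Key: value -"
# pairs). The username appears on the page only as the placeholder below.
CONFIG_TEXT = """Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
neighbor123"""


def parse_config(text: str) -> dict:
    """Parse 'Key: value - Key: value' text, tolerant of the report's line wraps."""
    flat = " ".join(text.split())
    pairs = re.findall(r"(\w+):\s*(.*?)(?=\s*-\s*\w+:|$)", flat)
    return {k.lower(): v.strip() for k, v in pairs}


# Constructed Sysmon events (not real telemetry): EventID 22 = DNS query,
# EventID 13 = registry value set. Image paths and the SID are made up.
SAMPLE = r"C:\Users\victim\AppData\Local\Temp\PO_4091.exe"
OUTLOOK = r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"
EXPLORER = r"C:\Windows\explorer.exe"
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
EVENTS = [
    {"EventID": 22, "Image": SAMPLE, "QueryName": "mail.privateemail.com"},
    {"EventID": 13, "Image": SAMPLE,
     "TargetObject": "HKU\\" + SID + r"\Software\Microsoft\Windows\CurrentVersion\Run\PO_4091",
     "Details": r"C:\Users\victim\AppData\Roaming\PO_4091.exe"},
    # A real mail client resolving the same provider: the host alone is weak.
    {"EventID": 22, "Image": OUTLOOK, "QueryName": "mail.privateemail.com"},
    # Benign registry write under a non-persistence key.
    {"EventID": 13, "Image": EXPLORER,
     "TargetObject": "HKU\\" + SID + r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

# Matches the Run / RunOnce autostart keys under HKLM or any HKU hive.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def triage_events(events: list, config: dict) -> dict:
    """Per process image, record the two behaviours the report pairs together:
    resolving the exfil mail host and writing a Run-key persistence entry."""
    findings = {}
    for ev in events:
        f = findings.setdefault(ev["Image"], {"exfil_dns": False, "run_key": False})
        if ev["EventID"] == 22 and ev.get("QueryName", "").lower() == config["host"].lower():
            f["exfil_dns"] = True
        elif ev["EventID"] == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            f["run_key"] = True
    return findings


def verdict(finding: dict) -> str:
    """Both behaviours from one image is what this report shows; either alone
    needs a second look, since privateemail.com is a legitimate mail provider."""
    hits = int(finding["exfil_dns"]) + int(finding["run_key"])
    return {2: "high", 1: "medium", 0: "none"}[hits]


def suricata_dns_rule(config: dict, sid: int = 1000001) -> str:
    """Network-side companion: alert on DNS lookups of the exfil host. Port 587
    submission negotiates STARTTLS, so the SMTP AUTH username is not visible on
    the wire; the hostname is the only config field a sensor can match directly."""
    return (f'alert dns any any -> any any (msg:"AgentTesla exfil host lookup '
            f'{config["host"]}"; dns.query; content:"{config["host"]}"; nocase; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(cfg)
    for image, f in triage_events(EVENTS, cfg).items():
        print(f"{verdict(f):6} {image}")
    print(suricata_dns_rule(cfg))
```

The scoring deliberately requires both behaviours from the same image before calling it high: a user's mail client will resolve the same provider every day, and plenty of installers write Run keys. The Suricata rule is the hostname-only network fallback; expect it to fire on legitimate PrivateEmail users and treat it as a pivot, not a verdict.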