General
Target: 61bf7f5adaddb66eb2231b3014f8f1948bd34618ee50c337d5280aae3df1a114
Size: 395KB
Sample: 220521-ba26qsbfb6
MD5: 1e9edadbab80d24982ff18ed4b33cde5
SHA1: 81ac127d0f678fe829fe67965157a429ba314ca0
SHA256: 61bf7f5adaddb66eb2231b3014f8f1948bd34618ee50c337d5280aae3df1a114
SHA512: 76d3d076c3133fe6646298771cb944378bf06688de59047b2498848ac6ec774a3bbfc4d0eceba7eafa399fa2e2d7cc891a0c6183dc9ab72844238a56af1da458
Static task: static1
Behavioral task: behavioral1
  Sample: AD1-2001028L PI.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: AD1-2001028L PI.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: ezesundayngma
Targets
Target: AD1-2001028L PI.exe
Size: 484KB
MD5: a63f759940ed9b792b9814731856414a
SHA1: 37f080c9760a74986e743354eaca450ff6ac2adf
SHA256: fdfffd416c8b419d498406454294a9c5b4ac014264e4a4181cca1d76d2dde4e4
SHA512: c62510ed15ee900ea50fc7a27cb806c8c0bedf556bc702d6b1012d725f5a6109d3bbbcfc7ae3d0fd5f8def933d1e3b97ddae016f09a3a7fbfcb1df35bf2572ce
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext