General
Target: 6014fa46e5b52be9c49088fb2e8cd237bf935c83d2fb1f557e3a01bd68cedf58
Size: 380KB
Sample: 220521-ba41bsbfb9
MD5: 879bdf3d2ea00dc83062834e36ccf7e2
SHA1: 27bca3871a711fa46aff05a6b1ad1ae4cefaeee5
SHA256: 6014fa46e5b52be9c49088fb2e8cd237bf935c83d2fb1f557e3a01bd68cedf58
SHA512: 4a268199330f6982631dc5944988251bdfbfb84cb4bb9e5e15e00f6242b5beba7733a4f9c89fb26ca9458aa9f755f9e1700d8409964ddc4e4ce64b1a541a3035
Static task
static1
Behavioral task behavioral1: sample 6014fa46e5b52be9c49088fb2e8cd237bf935c83d2fb1f557e3a01bd68cedf58.zip on win7-20220414-en
Behavioral task behavioral2: sample 6014fa46e5b52be9c49088fb2e8cd237bf935c83d2fb1f557e3a01bd68cedf58.zip on win10v2004-20220414-en
Behavioral task behavioral3: sample #P0092737.scr on win7-20220414-en
Behavioral task behavioral4: sample #P0092737.scr on win10v2004-20220414-en
Malware Config
Extracted (family: agenttesla)
Protocol: smtp
Host: mail.exoticpools.com.au
Port: 587
Username: [email protected]
Password: SIMON3x0t1c!
These are the hard-coded credentials of the attacker's drop mailbox: the stealer authenticates to the host above on the SMTP submission port (587) and mails the harvested data to itself. The host, port and account are the actionable network indicators; the account owner is most likely a compromised legitimate mailbox rather than attacker infrastructure.
Targets
Target: 6014fa46e5b52be9c49088fb2e8cd237bf935c83d2fb1f557e3a01bd68cedf58 (the submitted archive, run as behavioral1/behavioral2)
Size: 380KB
MD5: 879bdf3d2ea00dc83062834e36ccf7e2
SHA1: 27bca3871a711fa46aff05a6b1ad1ae4cefaeee5
SHA256: 6014fa46e5b52be9c49088fb2e8cd237bf935c83d2fb1f557e3a01bd68cedf58
SHA512: 4a268199330f6982631dc5944988251bdfbfb84cb4bb9e5e15e00f6242b5beba7733a4f9c89fb26ca9458aa9f755f9e1700d8409964ddc4e4ce64b1a541a3035
Score: 1/10 (the archive itself does nothing; the detections below belong to the executable)

Target: #P0092737.scr (the screensaver executable run as behavioral3/behavioral4; .scr files are ordinary PE executables, a common lure extension)
Size: 431KB
MD5: eaadfa3ac23981bfb06b63a4f8dbb6f7
SHA1: 3e165aa160c709b1f2172006acf4825ce7892c9d
SHA256: 15dd0d10d29e9a8844179c08a26be2eeb069604549d3470eb82993f6510d469d
SHA512: 203d3812202e6476aa75d0230f69e334d818536baa7b2196e35f05206e01b0a70acfb13f8c519c888b95be641d37037418bc7671cad36c81a532effd39a7229c
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (Visual Basic); it harvests saved credentials from browsers, mail and FTP clients and exfiltrates them, in this sample over SMTP using the extracted config above.

AgentTesla Payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check that decides whether the payload runs on this victim.

Accesses Microsoft Outlook profiles
Reads the Outlook profile keys, which store account settings and saved mail credentials; this is the credential-harvesting step.

Suspicious use of SetThreadContext
Rewriting another thread's context is the hallmark of process hollowing: the payload is written into a suspended process and the thread's entry point is redirected to it before the thread is resumed.
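To show how the Malware Config indicators and the three behavioural signatures above translate into detection logic, here is an added example that is not the sandbox's own engine and not code from this report. It runs a small rule set over a constructed behavioural trace (the events are invented to resemble what a sandbox records; the report's real trace is not reproduced). The registry paths for the country code (Control Panel\International) and Outlook profiles are assumed to be what the sandbox matched, since the report names no key paths. The report flags SetThreadContext by itself; the example generalises that into the full ordered process-hollowing chain it normally belongs to, tracked per caller/target process pair so calls against unrelated processes do not complete it.

```python
"""Match a behavioural trace against the indicators this report lists.

Added example; it is not the sandbox's own engine and the trace below is
constructed, not the report's real trace.
"""
from __future__ import annotations

from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Exfiltration endpoint from the report's Malware Config section.
AGENTTESLA_SMTP = {"host": "mail.exoticpools.com.au", "port": 587}

# Registry locations assumed to be behind the two registry signatures.
# The report names no key paths; these are the well-known keys that hold the
# configured country (Geo\Nation, iCountry/sCountry) and Outlook profiles.
GEO_KEYS = (r"control panel\international",)
OUTLOOK_KEYS = (r"\outlook\profiles", r"windows messaging subsystem\profiles")

# The report flags SetThreadContext on its own. Generalising, the ordered chain
# below is the classic process-hollowing sequence that call usually belongs to:
# spawn a suspended process, overwrite its memory, repoint its thread, resume.
HOLLOWING_CHAIN = ("CreateProcessW", "WriteProcessMemory",
                   "SetThreadContext", "ResumeThread")


def classify_registry(path: str) -> Optional[str]:
    """Map a registry path to the report's signature name, or None."""
    p = path.lower()
    if any(k in p for k in GEO_KEYS):
        return "Checks computer location settings"
    if any(k in p for k in OUTLOOK_KEYS):
        return "Accesses Microsoft Outlook profiles"
    return None


def triage(events: List[dict]) -> Dict[str, List[int]]:
    """Return {signature: sorted pids} for every signature that fires."""
    hits: Dict[str, set] = defaultdict(set)
    # Progress through HOLLOWING_CHAIN, tracked per (caller pid, target pid)
    # so that calls against unrelated processes do not complete the chain.
    progress: Dict[Tuple[int, int], int] = defaultdict(int)

    for ev in events:
        pid = ev["pid"]
        if ev["kind"] == "reg":
            sig = classify_registry(ev["path"])
            if sig:
                hits[sig].add(pid)
        elif ev["kind"] == "api":
            if ev["api"] == "SetThreadContext":
                hits["Suspicious use of SetThreadContext"].add(pid)
            key = (pid, ev.get("target", pid))
            step = progress[key]
            if step < len(HOLLOWING_CHAIN) and ev["api"] == HOLLOWING_CHAIN[step]:
                # The chain only starts from a suspended create.
                if step > 0 or ev.get("suspended"):
                    progress[key] = step + 1
                if progress[key] == len(HOLLOWING_CHAIN):
                    hits["Process hollowing chain completed"].add(pid)
        elif ev["kind"] == "net":
            if (ev["host"].lower() == AGENTTESLA_SMTP["host"]
                    and ev["port"] == AGENTTESLA_SMTP["port"]):
                hits["Connects to AgentTesla SMTP exfil host"].add(pid)

    return {sig: sorted(pids) for sig, pids in hits.items()}


# Constructed trace: pid 2412 behaves like the .scr, 3000 is its hollowed child,
# 1234 is a benign mail client that also uses SMTP submission on port 587.
SAMPLE_TRACE = [
    {"pid": 2412, "kind": "reg", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 2412, "kind": "reg",
     "path": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"pid": 2412, "kind": "api", "api": "CreateProcessW", "target": 3000, "suspended": True},
    {"pid": 2412, "kind": "api", "api": "WriteProcessMemory", "target": 3000},
    {"pid": 2412, "kind": "api", "api": "SetThreadContext", "target": 3000},
    {"pid": 2412, "kind": "api", "api": "ResumeThread", "target": 3000},
    {"pid": 3000, "kind": "net", "host": "mail.exoticpools.com.au", "port": 587},
    {"pid": 1234, "kind": "net", "host": "smtp.example.net", "port": 587},
    {"pid": 1234, "kind": "reg", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
]

if __name__ == "__main__":
    for sig, pids in triage(SAMPLE_TRACE).items():
        print(f"{sig}: pids {pids}")
```

Two design points matter in practice. Port 587 alone is a poor indicator (every mail client uses it), so the network rule keys on the host from the extracted config, which is why the benign pid 1234 does not fire. And the hollowing chain is only counted when it starts from a suspended CreateProcess; a SetThreadContext seen on its own is still reported, as the sandbox does, but as a weaker, stand-alone signal.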