General
- Target: 5def2efdf9ad16cf5ad52b3148b455621c61c6d2eac8451b62d8559927c0c22c
- Size: 382KB
- Sample: 220521-ba6txsbfc2
- MD5: b82438b0b91cfd71b96b1dc7f5a11a45
- SHA1: 616515bb9b40f210b8fbb012555692cdcecdfc0d
- SHA256: 5def2efdf9ad16cf5ad52b3148b455621c61c6d2eac8451b62d8559927c0c22c
- SHA512: 41bde6bc10ab63e2e03e8f897818a206d32ead2857ea04eee779f9ad1cf6f43957695c39149409d1c42a2896016415cb12928e9569c41d4d362c7fe87a24df90
Static task
- static1
Behavioral task
- behavioral1
  - Sample: overdue account letter.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: overdue account letter.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: mpjw2013
Targets
- Target: overdue account letter.exe
- Size: 422KB
- MD5: 7c6fbb8b491fae4f03bf5dbb97512bd9
- SHA1: e58f5a8797ff54adc54cd428936dbc7d21fe87e2
- SHA256: e1f9e09156ca969a490892994d53114384917b6a7ea25edcd87c06c9249d1f2d
- SHA512: 81e1bd25480547f02abd6678228ebcb5c01987ab50550fc3e2ea7604bece07a71d0ad271c3e42a569afc20671cd9857fb58e072b8dd5260493c52eeb853731d6
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext