General
Target: 2187e3eb23459e0ca975da253206732e70c6d8ed2d668d8f567369bf4a0812e8
Size: 445KB
Sample: 220521-bb3tnaefhr
MD5: fc506dbd15a3ae1fb24742cb74bee01f
SHA1: c3da371fd5ed24092df3cbdb3b07ec6b6e221a35
SHA256: 2187e3eb23459e0ca975da253206732e70c6d8ed2d668d8f567369bf4a0812e8
SHA512: 39d22c707d57a6a4da27e75bcd8b5d0d4c5168d91f87596a16b5d574938a75a2df18de374f7b70c52527089933bab4903602e0b443aead497b3f76091336a8c0
Static task: static1
Behavioral task: behavioral1
  Sample: ORDEN DE COMPRA_005983452.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: ORDEN DE COMPRA_005983452.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted (agenttesla)
  Protocol: smtp
  Host: web2.changeip.com
  Port: 587
  Username: [email protected]
  Password: ?SPl]G,tH4-t
Targets
Target: ORDEN DE COMPRA_005983452.exe
Size: 515KB
MD5: fd85c2ffd1284199960decf0bdf6bd79
SHA1: 348736bb692cd28c4e65e1cc969cf4c0c1dfde4e
SHA256: 79bb4b9e3765f026f5fb93c66d40b77bbf47fd72f79f677a4bbedf747437caa4
SHA512: 128f1ab0844ad6e979664978377971dfc81db35ef8aa2c2ee4f5e1c95f7f3f0b50d9c73b91a27b181259af3623f281aa36d89b4c3236f967e87aa059681ca267
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext