General
Target: 5040f5ae9b77987ef555a4d2ad57444ec6b81717bec04ed1b6f5fd740bfc34a9
Size: 430KB
Sample: 220521-bbbp6sbfc4
MD5: cf92396872354362c64c0f56ce11f65a
SHA1: 6a1dbbf26f61642ad85b7494f3b2e2ee66f50aaf
SHA256: 5040f5ae9b77987ef555a4d2ad57444ec6b81717bec04ed1b6f5fd740bfc34a9
SHA512: 2e682db18488fff2ff516e6c72fd445de382c6ecd41ecc741c1a44a09f5c30122cd064002834d0484d08f0b655021c08575d49d921270730d67cbc13bc70a058
Static task: static1
Behavioral task: behavioral1
  Sample: 2001016641..exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 2001016641..exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.rezuit.pro
  Port: 587
  Username: [email protected]
  Password: grace1234
Targets
Target: 2001016641..exe
Size: 470KB
MD5: 084de63048b0bf916e1f67db05c27937
SHA1: b36fccbc2bb51f77e609d2b06248c8c121db7245
SHA256: d2cc2b6ba20f79d6fcb9c05d24b99d492ae1f4c6d12fe836e5aa05f32bb68beb
SHA512: 2f851d6e3cfeb1297886927d9cf964a388df9e3969fabd62f9f6849db7cf8467f139c791679f2aa9ee37a5a68ca9cd2f8a7aba6f70f100d7aff0ecb23d8800bd
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely used for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext