General
Target: 35c581e3a194a5f87d0d1d4a2a3d03e30219ea320645af0b8bb33123ccfafac7
Size: 431KB
Sample: 220521-bbrfmaeffr
MD5: be538e028109bd976881dfc7987bcb50
SHA1: 13b78f7722018c7a562697633bf2d9cc5f62dd6c
SHA256: 35c581e3a194a5f87d0d1d4a2a3d03e30219ea320645af0b8bb33123ccfafac7
SHA512: 0484ae6b0ffde5762df4a490d36e3f35ad609b91bd0ef72a02cc804a924311a4463c3d124452ebec3b42048c61d0ff111e2edd6e22025f620111f2ade17a3c1c
Static task: static1
Behavioral task: behavioral1
  Sample: 35c581e3a194a5f87d0d1d4a2a3d03e30219ea320645af0b8bb33123ccfafac7.gz
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 35c581e3a194a5f87d0d1d4a2a3d03e30219ea320645af0b8bb33123ccfafac7.gz
  Resource: win10v2004-20220414-en
Behavioral task: behavioral3
  Sample: NCG207311154.exe
  Resource: win7-20220414-en
Behavioral task: behavioral4
  Sample: NCG207311154.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: papa1974
Targets
Target: 35c581e3a194a5f87d0d1d4a2a3d03e30219ea320645af0b8bb33123ccfafac7
Size: 431KB
MD5: be538e028109bd976881dfc7987bcb50
SHA1: 13b78f7722018c7a562697633bf2d9cc5f62dd6c
SHA256: 35c581e3a194a5f87d0d1d4a2a3d03e30219ea320645af0b8bb33123ccfafac7
SHA512: 0484ae6b0ffde5762df4a490d36e3f35ad609b91bd0ef72a02cc804a924311a4463c3d124452ebec3b42048c61d0ff111e2edd6e22025f620111f2ade17a3c1c
Score: 3/10
Target: NCG207311154.exe
Size: 498KB
MD5: 22fbb2bdcd1308194687c06741b7c115
SHA1: a512ba6b3f94f4c28310166db8d29403e9d86f40
SHA256: 9af4e7302015b6c26100e4119cc6463224adef98a668b459051615d9edc3573a
SHA512: 44658501a7f2012270ebc0696025b812db9954012e581838fdfb8576801db9d4fa67aac62fdc941340150abf6dd5ba884ad7c9c242be908f8749958005219c53
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext