General
Target
096d05642c1e92342e95b97825447c080d63be39c25e870c2a1ca8e17eeecb71
Size
390KB
Sample
220521-bces8abfg4
MD5
826818713790994d8e26f8c5762610cd
SHA1
6ed949ed350c65b2c67327cc5d3df141748ed0c7
SHA256
096d05642c1e92342e95b97825447c080d63be39c25e870c2a1ca8e17eeecb71
SHA512
43996d6299dd0852c9dbf3d6ad24d6e030adf04d4c9a3e5dc4ac544530c32b15309aca0d81479a4ec61a6c50f769f9a74f53510d3e82af62d0c7cf99a853a6fe
Static task
static1
Behavioral task
behavioral1
Sample
technical requirement.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
technical requirement.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: @damienzy.xyz2240
Targets
Target
technical requirement.exe
Size
442KB
MD5
47ee6d7bbfce07dc6ef3534e002583f6
SHA1
907690f794bd018d8131dd527a8022a24eb91822
SHA256
f688b463a057afb9a38b9c380035f17579bc1f4b12b8041a5c5f388d11ff9158
SHA512
aeed898ef3f6cbba61412e3097e3831ffed539afcb7c75635fc7c8215e59c3fbca6a271efa2d50fa73d5684da064b27742e7a39c685f532abff442ce885e57a1
AgentTesla
Agent Tesla is an information stealer and remote access tool (RAT) built on .NET (originally Visual Basic .NET). It harvests saved credentials and keystrokes and sends them out over SMTP, FTP or HTTP; the SMTP account extracted above is this sample's exfiltration channel.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check to avoid running in certain regions.
Accesses Microsoft Outlook profiles
Reads the Outlook profile data in the registry, where stored mail account settings and credentials are kept; these are a standard AgentTesla harvest target.
Suspicious use of SetThreadContext
A process setting the thread context of another process is the usual final step of process hollowing, where the payload is written into a suspended process and its entry point redirected before the thread is resumed.
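The extracted SMTP configuration and the three behavioural signatures above translate directly into detection logic. The Python below is an added example, not part of this report or of the sandbox's own tooling. It runs over constructed telemetry lines in an invented key=value event format (not any real product's output) and flags a process that connects to the extracted exfiltration host and port, reads the registry paths assumed here to underlie the location and Outlook-profile signatures (HKCU\Control Panel\International\Geo and the Office Outlook\Profiles tree; both paths are assumptions, the report does not name them), and writes a thread context into a different process. It also matches file bytes against the two SHA256 values listed in the report.

```python
"""Detection logic for the indicators in this report, run over constructed telemetry.

Added example, not part of the sandbox report. The log format is invented for
this example: one event per line, space-separated key=value pairs, loosely
modelled on a flattened EDR API trace (Op=Connect, Op=RegQueryValue,
Op=SetThreadContext).
"""
import hashlib
import re
from collections import defaultdict

# Indicators taken directly from the report.
EXFIL_HOST = "mail.privateemail.com"
EXFIL_PORT = 587
KNOWN_SHA256 = {
    "096d05642c1e92342e95b97825447c080d63be39c25e870c2a1ca8e17eeecb71",  # submitted archive
    "f688b463a057afb9a38b9c380035f17579bc1f4b12b8041a5c5f388d11ff9158",  # technical requirement.exe
}

# Registry paths the two host-side signatures plausibly key on. These are
# assumptions about what the sandbox checks, not something the report states.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\", re.I)
OUTLOOK_PROFILES_RE = re.compile(
    r"\\Software\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles\\", re.I)

# Constructed sample telemetry (not captured from the sample).
SAMPLE_EVENTS = r"""
Op=Connect Pid=4100 Image=C:\Users\victim\Downloads\technical requirement.exe Host=mail.privateemail.com Port=587
Op=Connect Pid=2212 Image=C:\Program Files\Mozilla Firefox\firefox.exe Host=www.example.org Port=443
Op=RegQueryValue Pid=4100 Image=C:\Users\victim\Downloads\technical requirement.exe Path=HKCU\Control Panel\International\Geo\Nation
Op=RegQueryValue Pid=4100 Image=C:\Users\victim\Downloads\technical requirement.exe Path=HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
Op=RegQueryValue Pid=900 Image=C:\Windows\explorer.exe Path=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Op=SetThreadContext Pid=4100 Image=C:\Users\victim\Downloads\technical requirement.exe TargetPid=4136
Op=SetThreadContext Pid=2212 Image=C:\Program Files\Mozilla Firefox\firefox.exe TargetPid=2212
"""

# Values may contain spaces (the file name does), so split on " key=" boundaries
# rather than on whitespace.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")


def parse_event(line):
    """Turn one key=value line into a dict."""
    return dict(FIELD_RE.findall(line.strip()))


def classify(ev):
    """Names of the report indicators a single event matches."""
    hits = []
    op = ev.get("Op")
    if (op == "Connect" and ev.get("Host", "").lower() == EXFIL_HOST
            and ev.get("Port") == str(EXFIL_PORT)):
        hits.append("smtp_exfil_c2")
    elif op == "RegQueryValue":
        path = ev.get("Path", "")
        if GEO_KEY_RE.search(path):
            hits.append("geo_lookup")
        if OUTLOOK_PROFILES_RE.search(path):
            hits.append("outlook_profile_access")
    elif op == "SetThreadContext" and ev.get("TargetPid") not in (None, ev.get("Pid")):
        # A thread-context write into another process is the hollowing tell;
        # a process touching its own threads is routine.
        hits.append("cross_process_setthreadcontext")
    return hits


def triage(text):
    """Aggregate hits per PID and return the processes that look like this sample."""
    per_pid = defaultdict(set)
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        per_pid[ev.get("Pid")].update(classify(ev))
    # Require the network indicator plus at least one host-side behaviour so a
    # legitimate mailbox on the same provider does not fire on its own.
    return {pid: sorted(h) for pid, h in per_pid.items()
            if "smtp_exfil_c2" in h and len(h) >= 2}


def is_known_sample(data):
    """Match file bytes against the SHA256 values listed in the report."""
    return hashlib.sha256(data).hexdigest() in KNOWN_SHA256


if __name__ == "__main__":
    for pid, hits in triage(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {', '.join(hits)}")
```

The geofence lookup is a registry read, which Sysmon does not record (Event ID 13 covers value writes only), so in a real deployment this check needs an EDR API trace or Windows object-access auditing on the key. Hash matching is only useful for this exact build; the SMTP destination and the behavioural combination carry over to repacked samples.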