General
-
Target
08074382bbb51534d6e743e9f948f6fa8b0e33a05598a3692dd8ec006773cc1c
-
Size
1.3MB
-
Sample
220521-bcgb2segbm
-
MD5
b02b787d1a37e45c2dc1f6fb9d1cdb55
-
SHA1
20390ad9513e3b1ea91af5476c76a642a5a6c383
-
SHA256
08074382bbb51534d6e743e9f948f6fa8b0e33a05598a3692dd8ec006773cc1c
-
SHA512
fb1bb7d0f9ed4cd0b404294341b33eba966dff3bdd9bbca62731177983f8389c8d7e86d62869c0afd94554db1ccce751c7d0b000f3c22e1b0c4b6d209a6569e3
Static task
static1
Behavioral task
behavioral1
Sample
PO_UCWEB.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PO_UCWEB.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: Blessed000@
Targets
-
Target
PO_UCWEB.EXE
-
Size
800KB
-
MD5
df0158771e58f80c1346943b393d92f6
-
SHA1
7293ed7ec4181d06b0f626bd9ebdef74f5e4850a
-
SHA256
6cfda8d801be1dc0741573babb2b48ccec13814faf7100875d32517d12d3ea60
-
SHA512
f03cbb9bbc3b183564c309087f5a73cee668791bf3bd12d92d312e95fa1d3a3b3e3858c24158749921bb093edc32704b8b946c7997976c07bba80aaf1fd8c7bb
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-