General

Target: ed5ff90bf75779d13250384ca760ac821ad07de586cec1232551774024098658
Size: 428KB
Sample: 220521-bl9d7afbbj
MD5: 2885ee22c9885bba1a8aeab23e0c435d
SHA1: b7344ee8ac4e45ba217b78fab031dcd798454154
SHA256: ed5ff90bf75779d13250384ca760ac821ad07de586cec1232551774024098658
SHA512: d91edc78e1b5aaee5fb207e1121c328377be24097842674bc036975270f3dd932e31d96140d95ecdb5f6ceacdc54ef2f76ff57d136d2a6278738ff1a1ff90a6e

Static task: static1

Behavioral task: behavioral1
Sample: E-20816.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: E-20816.exe
Resource: win10v2004-20220414-en

Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: company1960
Targets

Target: E-20816.exe
Size: 469KB
MD5: 8e9625359fdd16f2e4d3d3c0e570b190
SHA1: 2465e8072b2aa1fb3218b6774fc7ebeb82f3db7a
SHA256: 3e7332310ea67e1982c17c325fde52c70c2155f73d2792b51e2484b86ec51e1e
SHA512: 7015ee23304c882ce084104a9d8604f17012916faa56f737c293f4668e677c461997310b8a4dbda5b6839383b4c10459bd19a9188b7244b65f255582e4f9bd3a
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext