General
-
Target
18cd007045e6d4677d64b2ad12a44619271b4e9a97bb321521d8ce3a7594a764
-
Size
710KB
-
Sample
220521-blbsxscaf3
-
MD5
922f2737a355dfab091d7eb5be3187ac
-
SHA1
ee2724ce5eeabc272e7e3ed8adfa3fa5d469214e
-
SHA256
18cd007045e6d4677d64b2ad12a44619271b4e9a97bb321521d8ce3a7594a764
-
SHA512
7d9a8c64696676a56dc58397939b69611433354f5662d87e28964b0a324c43e3b0222db912fc64500d6d4fcc43da11545741c8d1153ad6baf440683c86d8d755
Static task
static1
Behavioral task
behavioral1
Sample
PEDIDO Nº 865.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PEDIDO Nº 865.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.infotaxis.tk - Port:
587 - Username:
[email protected] - Password:
?.t$K*cdh)Gj
Targets
-
-
Target
PEDIDO Nº 865.exe
-
Size
648KB
-
MD5
0034a67d2f8ca4f40c52ec3634805b34
-
SHA1
019eec77d77daa3c2db7413c581c70296ad36736
-
SHA256
0c92c000cf6c2379961f35355527b1886d053245d90a584d8d7191bcb6ebccb6
-
SHA512
7e253be95b6b3100cbeb78dfdbde939207ad839b8301bef893f04c5b12bd28ed7e162c3a2501b5d810e6de80b026ce7c979e17bd06ff0cd3491d9f0d9d488c87
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-