General
- Target: 63013a9653f764f231089f62f9cc18dc60d0de2debe10310bbb007db0f201b06
- Size: 445KB
- Sample: 220521-blgzyafagj
- MD5: d37c46deacabb728d1415ab12cfb8686
- SHA1: eb9fbf4c05cbc4543728884d64693feab2295121
- SHA256: 63013a9653f764f231089f62f9cc18dc60d0de2debe10310bbb007db0f201b06
- SHA512: ec1933a9886adead537ffe4aba2f1a24c4cd2d6807e57f802db1e2eb12a629c02e175ac3ff961c4172bbf9af2b7f13ccb0df1804b44741a166b7a1243c109ef9
Static task: static1
Behavioral task: behavioral1
- Sample: ARRIVAL NOTICE & INVOICE ETA 10th AUGUST 2020.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: ARRIVAL NOTICE & INVOICE ETA 10th AUGUST 2020.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.chinagrill.co
- Port: 587
- Username: [email protected]
- Password: SnIVrXH!]f1q
Targets
- Target: ARRIVAL NOTICE & INVOICE ETA 10th AUGUST 2020.exe
- Size: 742KB
- MD5: 20424699f3d0832a9d1b46c74a7f4980
- SHA1: 149a7c7ceb87b4f8c579545e71f89baa308869ad
- SHA256: 4372af3cc2398f62f4737895b8d481e37441a22cf00bc3426546974c2636322b
- SHA512: f8fdbc90a30ef98f854f0dc987acf435a8807838e45729a151295703e79e104556b0865d1efdabb6f05f29e2261b84ec38fdce38da287c0c6a18efd08935d4d9
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext