General
- Target: fe155a2f79eb0a91c02433b13776d9d2a4a05c7e31c1291e67d5fd2138b98681
- Size: 355KB
- Sample: 220521-bllm5afagl
- MD5: 97b0750bd3111cc3ce0a6c3ffa970746
- SHA1: 9c25a52599a759bc90a529f42088a0184893f887
- SHA256: fe155a2f79eb0a91c02433b13776d9d2a4a05c7e31c1291e67d5fd2138b98681
- SHA512: af105589449b19e0912f012ed8c716a71f2cd7e69320672f2aebb333cecb5f2939e62b3108283313585379dddc30291b790ad35df5f028168562a49b55bfc86c
Static task: static1
Behavioral task: behavioral1
- Sample: Data Specification.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Data Specification.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.flood-protection.org
- Port: 587
- Username: [email protected]
- Password: udug2424@
Targets
Target: Data Specification.exe
- Size: 442KB
- MD5: 4ac699c93b9942e025616162e0147c29
- SHA1: 302aec80d7a368c1887f22f33c151d827798d82f
- SHA256: 9afb1269ba69bd18c0e77c2061cbbbec9ef53143d2e39079ef729f9da2eb000b
- SHA512: 38fc69966254c8b77030bd78de2a1366173f9e848aa7727eab2884fd6207c0ed55c33f93c7c9ebf1d5a273ff3c5001e0dba76bcf8cee3c9b59f48a426c920bfc
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext