General
Target: fae66341d559859c8282510c17a66db2cbfc5be1b7eac3cef11af65d4dc60c4e
Size: 461KB
Sample: 220521-blngqafagp
MD5: fc8c45a23f5c665235438b1258c940c6
SHA1: b1b9d27f6f986984d32ed4488b73a289816c7f2d
SHA256: fae66341d559859c8282510c17a66db2cbfc5be1b7eac3cef11af65d4dc60c4e
SHA512: e455f6e1130d2941368ecfec8bc85f467e0dabf080cb6e40c16f62967c1d4f165b38f9064beecf5cf3055ca5fad0be2bfa1cbe417b81311ca412a2f7143bafc5
Static task: static1
Behavioral task: behavioral1
  Sample: XIAMEN LONAKO INDUSTRY - products list.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: XIAMEN LONAKO INDUSTRY - products list.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.bmmarine.net
Port: 587
Username: [email protected]
Password: h)%_GO?8$PS_erY39h
Targets
Target: XIAMEN LONAKO INDUSTRY - products list.exe
Size: 672KB
MD5: c087e0f300e02002fecad4dfd09885d9
SHA1: 7e35a959dbc824b444055211cee59a5e0829c7c9
SHA256: 90c26ff2c5f1b8d996cdb0088ffb03a076a261fbe8cf8717d7737f0bcacb439d
SHA512: d8dd874b3728b1b4fddf0ceabc9860d9d62956c88017be39691bd59c8a75be9f8a62afdd5449a8415350e816e67bf00e226b468865b4d889e8e414acc59ca59c
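Added example, not part of the sandbox report: the file hashes and the extracted SMTP endpoint above, applied as detection logic to Sysmon-style telemetry (EventID 1 process creation with its Hashes field, EventID 3 network connection). The event records, the file paths, the mail-client allowlist and the placeholder hashes for notepad.exe are constructed assumptions; only the sample hashes, the sample file name and mail.bmmarine.net:587 come from the report.

```python
"""Match the report's AgentTesla IOCs against constructed Sysmon-style events.

Added example, not part of the sandbox report. EventID 1 = process creation
(carries a 'Hashes' field), EventID 3 = network connection.
"""
from __future__ import annotations

# IOCs copied from the report: hashes of the submitted object and of the
# executable analysed under Targets, plus the extracted SMTP exfiltration endpoint.
REPORT_IOCS = {
    "sha256": {
        "90c26ff2c5f1b8d996cdb0088ffb03a076a261fbe8cf8717d7737f0bcacb439d",
        "fae66341d559859c8282510c17a66db2cbfc5be1b7eac3cef11af65d4dc60c4e",
    },
    "md5": {
        "c087e0f300e02002fecad4dfd09885d9",
        "fc8c45a23f5c665235438b1258c940c6",
    },
    "smtp_host": "mail.bmmarine.net",
    "smtp_port": 587,
}

# Assumption for the heuristic rule: processes expected to speak SMTP directly.
# AgentTesla embeds its own SMTP client, so exfiltration originates from the
# dropped executable, not from a mail client.
MAIL_CLIENT_ALLOWLIST = {"outlook.exe", "thunderbird.exe"}
SMTP_PORTS = {25, 465, 587}


def parse_hashes(field: str) -> dict[str, str]:
    """Parse a Sysmon 'Hashes' field ('MD5=...,SHA256=...') into {algo: hex}.

    Sysmon emits uppercase hex while the report lists lowercase, so normalise.
    """
    out: dict[str, str] = {}
    for part in field.split(","):
        algo, sep, value = part.partition("=")
        if sep:
            out[algo.strip().lower()] = value.strip().lower()
    return out


def image_name(path: str) -> str:
    """Return the lower-cased file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def match_events(events: list[dict]) -> list[dict]:
    """Return one alert per event matching a report IOC or the SMTP heuristic."""
    alerts: list[dict] = []
    for ev in events:
        image = image_name(ev.get("Image", ""))
        if ev["EventID"] == 1:
            hashes = parse_hashes(ev.get("Hashes", ""))
            for algo in ("sha256", "md5"):
                if hashes.get(algo) in REPORT_IOCS[algo]:
                    alerts.append({"rule": "known_agenttesla_hash", "image": image, "algo": algo})
                    break
        elif ev["EventID"] == 3 and ev.get("Initiated", "true") == "true":
            host = ev.get("DestinationHostname", "").lower()
            port = int(ev.get("DestinationPort", 0))
            if host == REPORT_IOCS["smtp_host"] and port == REPORT_IOCS["smtp_port"]:
                alerts.append({"rule": "agenttesla_smtp_c2", "image": image, "host": host})
            elif port in SMTP_PORTS and image not in MAIL_CLIENT_ALLOWLIST:
                # Catches re-packed variants pointed at a different mail server.
                alerts.append({"rule": "smtp_from_non_mail_client", "image": image, "host": host})
    return alerts


SAMPLE_NAME = r"C:\Users\victim\Downloads\XIAMEN LONAKO INDUSTRY - products list.exe"

# Constructed events (not real telemetry). The sample's hashes are the report's;
# the notepad.exe hashes are zero-filled placeholders.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": SAMPLE_NAME,
     "Hashes": "MD5=C087E0F300E02002FECAD4DFD09885D9,"
               "SHA256=90C26FF2C5F1B8D996CDB0088FFB03A076A261FBE8CF8717D7737F0BCACB439D"},
    {"EventID": 3, "Image": SAMPLE_NAME, "Initiated": "true",
     "DestinationHostname": "mail.bmmarine.net", "DestinationPort": "587"},
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "Initiated": "true", "DestinationHostname": "smtp.office365.com", "DestinationPort": "587"},
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Roaming\svchost.exe", "Initiated": "true",
     "DestinationHostname": "mail.example.net", "DestinationPort": "587"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "Hashes": "MD5=" + "0" * 32 + ",SHA256=" + "0" * 64},
]

if __name__ == "__main__":
    for alert in match_events(SAMPLE_EVENTS):
        print(alert)
```

The hash rule is exact and brittle (a re-packed build changes every digest); the host rule survives repacking but not a change of exfiltration account; the third rule, SMTP from anything that is not a mail client, is what keeps catching AgentTesla builds once the hashes and mail server have rotated, at the cost of tuning the allowlist for the environment.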
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests credentials, keystrokes and clipboard contents from the host and exfiltrates them over SMTP, FTP or HTTP; the SMTP account listed under Malware Config is this sample's exfiltration channel.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, a check commonly used to geofence execution to or away from particular regions.
Accesses Microsoft Outlook profiles
Reads Outlook profile data from the registry, where stored mail account credentials are harvested.
Suspicious use of SetThreadContext
Overwriting another thread's context is consistent with process hollowing or injection: the payload is written into a suspended process and its entry point redirected before the thread is resumed.