General
- Target: e704bf4633be667d5adc58437a214fa35e975eb72d1b5c888293c655606b190b
- Size: 1.6MB
- Sample: 220521-bmqy8sfbcr
- MD5: ac171f5525cc79d621903778033bc2a0
- SHA1: 8173f70f9f95d63062d0cb54077013b021bf993f
- SHA256: e704bf4633be667d5adc58437a214fa35e975eb72d1b5c888293c655606b190b
- SHA512: 2e7cca886dad9c8a81de2bb40151324c15e984e73198041c0a27deb72d311ae289282174524ba1285f6053e2a1116994b31c17992d9b9de9478bb377394ecdba
Static task: static1
Behavioral task: behavioral1
- Sample: SKMB_093.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: SKMB_093.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.adenerqyeurope.co.uk
- Port: 587
- Username: [email protected]
- Password: P@ssword2001
Targets
- Target: SKMB_093.EXE
- Size: 1023KB
- MD5: e2aa27c6654d98bfbf8eaa09f7dffc68
- SHA1: e1df1c2ad50d495c9af7593182cc958b974c936f
- SHA256: 18c050136a977d835a913ac88e6ba07664833fe474eafa7aa0f6a99fbd9075e5
- SHA512: 687dc57030b9f1552831133d99abde1c0e4bf3f9857229ed0a2475606970c54846257b3c64ffdb3f3b3f8b29767239051b72e8cce53a550bb5e7b3b47eacf3d2
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext