General
Target: e1b6061949584e762914195ef7997b1c6413a15d28cdd4af9f63445bc141f1a9
Size: 401KB
Sample: 220521-bmzalsfbdp
MD5: e96647c61641f129546ce2f4eda89942
SHA1: 195f2eac6ed05b52c864b8f8bee96a79db0532b9
SHA256: e1b6061949584e762914195ef7997b1c6413a15d28cdd4af9f63445bc141f1a9
SHA512: cec77513d80cad5a0511e42c5daae60d7731be80496caec85c1a5dcd3fe885055978c2b8bcd68fcdbb588906e1904b14ecc983e8a62b2015682b388b76558897
Static task: static1
Behavioral task: behavioral1
Sample: AL RAZZAQ INTERNATIONAL LLC REQUEST FOR QUOTATION_xls.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: AL RAZZAQ INTERNATIONAL LLC REQUEST FOR QUOTATION_xls.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted (agenttesla)
Protocol: smtp
Host: mail.geodata.my
Port: 587
Username: [email protected]
Password: Geo8Asas10
Extracted
Protocol: smtp
Host: mail.geodata.my
Port: 587
Username: [email protected]
Password: Geo8Asas10
Targets
Target: AL RAZZAQ INTERNATIONAL LLC REQUEST FOR QUOTATION_xls.exe
Size: 528KB
MD5: da359cf818fddd002cc5aebf3c91a73e
SHA1: 9366b305a07aa4d8d7039b5e465e357eb53c13c1
SHA256: b857e54832e24ab26757b7c8c0651db70992ee11736fe995258538c9479a5402
SHA512: 1f63fe2733cd1b6b66e65d633e15b189b094d5a17747f6587d1e2263dd64c12ab7dc8cb79f018c415f1fc732e89bf0df8367265cd024397338a9dce109f3b488
AgentTesla
- Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- suricata: ET MALWARE AgentTesla Exfil Via SMTP
- suricata: ET MALWARE AgentTesla Exfil Via SMTP
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext