General

Target: 24c1aaf05d9c072a31960965cf14f2fd6532e03a81afd0dd600e29e0f9f4952f
Size: 345KB
Sample: 220521-bxezqacfc2
MD5: 198ebb1f364369314f5bab25073625f3
SHA1: 0d65d69355d4db00f233445990882601be59df49
SHA256: 24c1aaf05d9c072a31960965cf14f2fd6532e03a81afd0dd600e29e0f9f4952f
SHA512: 6b3d107d0bfed6c2d9ee49743eba550e544b95474e9f3241abe0425222f707af3efbae4a9b85cf7c6d3d70586078038699387defc545348d3651394268e3f236
Static task: static1

Behavioral task: behavioral1
  Sample: INV001.exe
  Resource: win7-20220414-en

Behavioral task: behavioral2
  Sample: INV001.exe
  Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
  Protocol: smtp
  Host: mail.privateemail.com
  Port: 587
  Username: [email protected]
  Password: !9aT1sz8?9SqN
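The extracted config is an SMTP exfiltration channel, and mail.privateemail.com is a shared hosted-email provider, so the host name on its own is a weak indicator. The following is an added example (not code from the Triage report or from Agent Tesla) that parses the flattened "Key: value - Key: value" config text as shown on the page into IOCs and scores constructed network-connection events against them: an exact host:port match from a non-mail-client process is high confidence, SMTP submission from any unexpected process is medium. The event records and the mail-client allowlist are constructed for the example.

```python
"""Turn the extracted AgentTesla SMTP exfiltration config into IOCs and check
network-connection events against them.

Added example, not code from the Triage report or from Agent Tesla. The
flattened "Key: value - Key: value" text is the form shown on the page; the
event records and the mail-client allowlist below are constructed.
"""
import re

# Copy of the flattened config line as it appears on the page.
CONFIG_TEXT = (
    "Protocol: smtp- Host: mail.privateemail.com - Port: 587 - "
    "Username: [email protected] - Password: !9aT1sz8?9SqN"
)

# Processes that legitimately submit mail on 587/465/25 (constructed allowlist).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
SMTP_PORTS = {25, 465, 587}

# Constructed connection events (process, destination host, destination port).
EVENTS = [
    {"process": "INV001.exe", "dst_host": "mail.privateemail.com", "dst_port": 587},
    {"process": "OUTLOOK.EXE", "dst_host": "mail.privateemail.com", "dst_port": 587},
    {"process": "INV001.exe", "dst_host": "example.com", "dst_port": 443},
    {"process": "updater.exe", "dst_host": "smtp.example.net", "dst_port": 587},
]


def parse_config(text):
    """Parse the flattened config into a dict with lower-cased keys.

    Values run up to the next ' - Key:' separator (the page also shows the
    separator glued to a value, as in 'smtp- Host:'); Port becomes an int.
    """
    fields = {}
    for m in re.finditer(r"(\w+):\s*(.*?)(?=\s*-\s*\w+:|$)", text):
        fields[m.group(1).lower()] = m.group(2).strip()
    if "port" in fields:
        fields["port"] = int(fields["port"])
    return fields


def detect(events, cfg):
    """Return (event_index, severity, reason) for every matching event.

    high:   non-mail-client process connecting to the configured host:port
    medium: SMTP submission port from a process that is not a known mail client
    A mail client reaching the shared provider is not flagged; matching the
    SMTP AUTH username would settle that case, but the report redacts it.
    """
    hits = []
    for i, ev in enumerate(events):
        proc = ev["process"].lower()
        to_c2 = (ev["dst_host"].lower() == cfg["host"].lower()
                 and ev["dst_port"] == cfg["port"])
        if to_c2 and proc not in MAIL_CLIENTS:
            hits.append((i, "high", "non-mail-client to AgentTesla SMTP exfil host:port"))
        elif ev["dst_port"] in SMTP_PORTS and proc not in MAIL_CLIENTS:
            hits.append((i, "medium", "SMTP submission from unexpected process"))
    return hits


if __name__ == "__main__":
    ioc = parse_config(CONFIG_TEXT)
    for hit in detect(EVENTS, ioc):
        print(hit)
```

Flow logs carry destination IPs rather than names, so in practice the host match is done against DNS or proxy logs, or the name is resolved at rule-build time and refreshed; the port-plus-process rule is the one that survives a change of mailbox.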
Targets

Target: INV001.exe
Size: 433KB
MD5: 8653227bbe999935f8e9b088ceb39edc
SHA1: e210a370fd4fcdb72c097c17edef4b5afd726542
SHA256: d09cbb481136d7766db12c79dc6c82fee1eb89056d4e7b8bc989a7a5d38467af
SHA512: bbbbf945176804261628162dd13aa46e010e7ed1c6c46318743c4bbd912ae36ac660e2734d6a03384ff268a4bf12dbf67d1089eefb3e379793685bde90f256b2

Note that the analysed executable (433KB) is a different object from the submitted sample in the General section (345KB, different hashes); the report does not state how one was derived from the other, so pivot on the hashes of INV001.exe when hunting for the executable itself.
-
AgentTesla

Agent Tesla is a .NET-based information stealer and remote access tool (RAT), commonly built in VB.NET or C#. It harvests credentials from browsers and mail clients and exfiltrates them; this sample uses SMTP for that, as the extracted config shows.

Signatures

- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence that stops the sample running in certain locales.
- Accesses Microsoft Outlook profiles: consistent with harvesting stored mail-account credentials from the Outlook profile data.
- Suspicious use of SetThreadContext: usually part of a process-hollowing chain (create a process suspended, write the payload into it, set the thread context to the new entry point, resume the thread). On its own the call is also made by debuggers, so treat it as a chain indicator rather than a standalone verdict.
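To act on the SetThreadContext signature without flagging every debugger, a detection should require the whole hollowing chain in order. The following is an added example (not code from the Triage report or from Agent Tesla) that scans a constructed API-call trace and reports only caller/target pairs that show create-suspended, WriteProcessMemory, SetThreadContext and ResumeThread in that sequence. The trace record format (one dict per call with pid, api and args fields) is an assumption for the example; the sample trace is constructed.

```python
"""Find process-hollowing call chains behind a 'Suspicious use of
SetThreadContext' signature in an API-call trace.

Added example, not code from the Triage report or from Agent Tesla. The trace
format (one dict per call: pid, process, api, args) is an assumption; the
sample trace below is constructed.
"""
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess

# Stage names in the order a hollowing chain must occur.
STAGES = ("create_suspended", "write", "setctx", "resume")

# Constructed trace: one real chain, one lone debugger call, one harmless
# suspended start that is resumed without any memory write.
SAMPLE_TRACE = [
    {"pid": 1504, "process": "INV001.exe", "api": "CreateProcessW",
     "args": {"creation_flags": 0x4, "child_pid": 2468}},
    {"pid": 1504, "process": "INV001.exe", "api": "NtUnmapViewOfSection",
     "args": {"target_pid": 2468}},
    {"pid": 1504, "process": "INV001.exe", "api": "WriteProcessMemory",
     "args": {"target_pid": 2468, "size": 0x6C000}},
    {"pid": 1504, "process": "INV001.exe", "api": "SetThreadContext",
     "args": {"target_pid": 2468}},
    {"pid": 1504, "process": "INV001.exe", "api": "ResumeThread",
     "args": {"target_pid": 2468}},
    {"pid": 3100, "process": "debugger.exe", "api": "SetThreadContext",
     "args": {"target_pid": 3200}},
    {"pid": 4000, "process": "launcher.exe", "api": "CreateProcessW",
     "args": {"creation_flags": 0x4, "child_pid": 4100}},
    {"pid": 4000, "process": "launcher.exe", "api": "ResumeThread",
     "args": {"target_pid": 4100}},
]


def _stage(call):
    """Map one API call record to a (stage, target_pid) pair, or None."""
    api, args = call["api"], call["args"]
    if api in ("CreateProcessA", "CreateProcessW", "CreateProcessInternalW"):
        if args.get("creation_flags", 0) & CREATE_SUSPENDED:
            return "create_suspended", args["child_pid"]
        return None
    if api in ("NtUnmapViewOfSection", "ZwUnmapViewOfSection"):
        return "unmap", args["target_pid"]
    if api in ("WriteProcessMemory", "NtWriteVirtualMemory"):
        return "write", args["target_pid"]
    if api in ("SetThreadContext", "Wow64SetThreadContext", "NtSetContextThread"):
        return "setctx", args["target_pid"]
    if api in ("ResumeThread", "NtResumeThread"):
        return "resume", args["target_pid"]
    return None


def find_hollowing_chains(trace):
    """Return one finding per (caller pid, target pid) whose calls contain the
    full create-suspended -> write -> SetThreadContext -> ResumeThread chain,
    in that order (first occurrence of each stage). A lone SetThreadContext or
    a suspended start resumed without a memory write is not reported."""
    seen = defaultdict(dict)  # (caller, target) -> {stage: first call index}
    for idx, call in enumerate(trace):
        hit = _stage(call)
        if hit is None:
            continue
        stage, target = hit
        seen[(call["pid"], target)].setdefault(stage, idx)

    findings = []
    for (caller, target), stages in seen.items():
        if not all(s in stages for s in STAGES):
            continue
        indices = [stages[s] for s in STAGES]
        if indices != sorted(indices):
            continue  # all calls present but out of order: not a hollowing chain
        findings.append({
            "caller_pid": caller,
            "target_pid": target,
            "call_indices": indices,
            "unmapped": "unmap" in stages,  # original image unmapped first
        })
    return findings


if __name__ == "__main__":
    for f in find_hollowing_chains(SAMPLE_TRACE):
        print(f)
```

The unmap step is recorded but not required, since some loaders overwrite the image in place; keying on the caller/target pair keeps two unrelated processes from being stitched into one chain.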