General
- Target: 248f158d0be4760bb64740a7c5d73b21502fd6e177f6a9cb543fcf92c27f43d3
- Size: 397KB
- Sample: 220521-bxfk9acfc4
- MD5: e73e473d95849ac73bdeb86c84014a25
- SHA1: 529f9a4b2cf9b2256013893afc39a9d4f7373d7a
- SHA256: 248f158d0be4760bb64740a7c5d73b21502fd6e177f6a9cb543fcf92c27f43d3
- SHA512: 0b024512d5402affc9aa36a3525e96728de95dc563109a3eafa18c3d56c720404d83034b435b8fd6d0ef47607bfed9ba1f251f6398084d126599340e9ee50102
Static task: static1

Behavioral task: behavioral1
- Sample: new_PO.exe
- Resource: win7-20220414-en

Behavioral task: behavioral2
- Sample: new_PO.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.ab-care.eu
- Port: 587
- Username: [email protected]
- Password: bayar@2017@abcare
Targets
- Target: new_PO.exe
- Size: 435KB
- MD5: 1598fe2f01ebb7d03dd1513e4fb80ffd
- SHA1: 8bb4691785e5723c41daf61d44213d571a0b762b
- SHA256: 90d9c3dff4b28c843235e900ddf5a72b4db361c14b8ac486e871196e434df3b9
- SHA512: a8507d7e0211dbad826e1fbbdd7f009d8cafd484b034d810c95514606de46ca66a29caf3eb2b1483236f347a365e3294730a123f6d04fe5a0b4d7b51e71bf61c
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext