General
Target: 0297de22b433fe7ecee63b5f80b78c4749bb8f4cfec0cd737713d87781d1db52
Size: 268KB
Sample: 220521-by5a1afgfk
MD5: e1bbf29e91649fd3a3c7a6b20a301860
SHA1: 396d67661068020cc743b05e97df210b3912534d
SHA256: 0297de22b433fe7ecee63b5f80b78c4749bb8f4cfec0cd737713d87781d1db52
SHA512: 9111c7cc8dec1c0a010099ca97c1b25ca5ff2ad0cfc146b8c37749acb0dd895a2dea9203fe880c36a1466e40ed1e3dba2174dc30c7fe6ef940d5f54479d31db2
Static task: static1
Behavioral task: behavioral1
Sample: import_documents.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: import_documents.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.office365.com
Port: 587
Username: [email protected] (the mailbox address is obscured in the page as captured)
Password: bhsusa714
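The extracted config is the exfiltration channel: the stealer logs in to a mailbox on Microsoft's SMTP submission endpoint and mails harvested credentials to itself. Because smtp.office365.com:587 is legitimate infrastructure, the host alone is not a usable indicator; what separates the stealer from a real mail client is the process doing the SMTP submission and the mailbox account it authenticates as. The script below is an added example (not the sandbox's own code): it parses the report's flattened "Key: value - Key: value" config text into a structured indicator and runs that indicator over constructed endpoint telemetry, using an assumed allowlist of trusted mail clients. The username is left as the obscured token the page shows; substitute the real address when it is known.

```python
"""Added example: turn the report's extracted Agent Tesla SMTP config into
hunting logic.  Not the sandbox's own code; the telemetry records are constructed."""
import re
from dataclasses import dataclass

# The config block exactly as the report flattens it ("Key: value - Key: value"
# wrapped across lines).  The mailbox address is obscured in the page as captured.
RAW_CONFIG = """Protocol: smtp- Host:
smtp.office365.com - Port:
587 - Username:
[email protected] - Password:
bhsusa714"""


def parse_triage_config(raw: str) -> dict:
    """Parse the flattened 'Key: value - Key: value' text into a dict."""
    flat = " ".join(line.strip() for line in raw.splitlines())
    # A key is a word followed by ':'; its value runs up to the next ' - Key:' or the end.
    pairs = re.findall(r"(\w+):\s*(.*?)\s*(?=-\s*\w+:|$)", flat)
    return {key.lower(): value for key, value in pairs}


@dataclass(frozen=True)
class ExfilIndicator:
    protocol: str
    host: str
    port: int
    account: str  # the mailbox the stealer authenticates as


def build_indicator(cfg: dict) -> ExfilIndicator:
    return ExfilIndicator(cfg["protocol"], cfg["host"], int(cfg["port"]), cfg["username"])


# Assumed allowlist: processes that legitimately submit mail to Office 365.
TRUSTED_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def hunt(events: list, ioc: ExfilIndicator, trusted=TRUSTED_MAIL_CLIENTS) -> list:
    """Return the source hosts whose events match the exfil pattern.

    smtp.office365.com:587 is Microsoft's legitimate submission endpoint, so the
    host alone is not an indicator.  A hit needs the config's host:port plus
    either an untrusted client process or the stealer's own mailbox account.
    """
    hits = []
    for ev in events:
        if (ev["dst"], ev["port"]) != (ioc.host, ioc.port):
            continue
        untrusted_process = ev["process"].lower() not in trusted
        same_account = ev.get("auth_user") == ioc.account
        if untrusted_process or same_account:
            hits.append(ev["src_host"])
    return hits


# Constructed telemetry: outbound connections joined to the originating process.
SAMPLE_EVENTS = [
    {"src_host": "ws-01", "process": "OUTLOOK.EXE", "dst": "smtp.office365.com",
     "port": 587, "auth_user": "alice@corp.example"},            # normal mail client
    {"src_host": "ws-02", "process": "import_documents.exe", "dst": "smtp.office365.com",
     "port": 587, "auth_user": None},                             # the sample itself submitting mail
    {"src_host": "ws-03", "process": "OUTLOOK.EXE", "dst": "smtp.gmail.com",
     "port": 587, "auth_user": "bob@corp.example"},              # different host, ignored
    {"src_host": "ws-04", "process": "OUTLOOK.EXE", "dst": "smtp.office365.com",
     "port": 587, "auth_user": "[email protected]"},             # trusted client, but the stealer's mailbox
]


if __name__ == "__main__":
    ioc = build_indicator(parse_triage_config(RAW_CONFIG))
    print(ioc)
    print(hunt(SAMPLE_EVENTS, ioc))  # ['ws-02', 'ws-04']
```

The two hits illustrate the two useful pivots: ws-02 because a non-mail process is talking SMTP submission, and ws-04 because the compromised mailbox account is being used, which is the indicator worth reporting to the mailbox provider for takedown.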
Targets
Target: import_documents.exe
Size: 395KB
MD5: 22f207e5e15c4ec19b80e07fa45967b9
SHA1: 7af28dc2d18281e450738b4a477cd14014458e72
SHA256: 87c88de3a875c7997a34e00e8c7c97577f046332811dcef6cba7c33b37c42396
SHA512: 5912b78fdc9b66639c5deb9d12e8b8aad4c404c6b2e919392e5032ee80a04e91e3cd1e4822ec6880fef0a2a830200a317ffb390745e21f0b0c697a00c71a3cd8
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET, that exfiltrates harvested data over SMTP, FTP or HTTP; the SMTP settings in the Malware Config section are its exfiltration channel.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check so the payload can refuse to run in certain regions.
Adds Run key to start application
Persistence: a value under a registry Run key (HKCU or HKLM ...\Software\Microsoft\Windows\CurrentVersion\Run) relaunches the sample at logon.
Suspicious use of SetThreadContext
Setting the context of a thread in another process is the process-hollowing step that points a suspended child process's thread at the injected payload before it is resumed.
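The SetThreadContext signature fires on one step of a longer sequence: the loader starts a child with CREATE_SUSPENDED, writes the payload into it (often after unmapping the original image), rewrites the primary thread's context so its entry point lands in the payload, and only then resumes the thread. A detector that keys on the whole sequence per child process is far less noisy than one that alerts on SetThreadContext alone, since debuggers and some runtimes call it legitimately. The script below is an added example (not the sandbox's own detection logic); the API trace lines and their "pid api(args) -> pid=child" format are constructed, because the report shows neither the call trace nor the hollowed process, and RegSvcs.exe is simply a plausible .NET host chosen for the constructed trace.

```python
"""Added example: flag the process-hollowing call sequence that the
'Suspicious use of SetThreadContext' signature points at.  Not the sandbox's
own logic; the trace lines and their format are constructed for this example."""
import re

CREATE_SUSPENDED = 0x4
# Minimum ordered sequence on the child process, after a suspended CreateProcess.
HOLLOWING_STEPS = ["WriteProcessMemory", "SetThreadContext", "ResumeThread"]

# Constructed trace: "<caller pid> <api>(<args>)" with "-> pid=<child>" on process creation.
SAMPLE_TRACE = """\
1880 CreateProcessW(lpApplicationName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", dwCreationFlags=0x4) -> pid=2244
1880 NtUnmapViewOfSection(hProcess=2244, BaseAddress=0x400000)
1880 VirtualAllocEx(hProcess=2244, lpAddress=0x400000, dwSize=0x62000, flProtect=0x40)
1880 WriteProcessMemory(hProcess=2244, lpBaseAddress=0x400000, nSize=0x200)
1880 WriteProcessMemory(hProcess=2244, lpBaseAddress=0x402000, nSize=0x5e000)
1880 SetThreadContext(hThread=0x1f4, pid=2244)
1880 ResumeThread(hThread=0x1f4, pid=2244)
3020 CreateProcessW(lpApplicationName="C:\\Windows\\System32\\notepad.exe", dwCreationFlags=0x0) -> pid=3104
3020 GetThreadContext(hThread=0x2a0, pid=3104)
"""

LINE_RE = re.compile(r"^(?P<pid>\d+) (?P<api>\w+)\((?P<args>.*)\)(?: -> pid=(?P<child>\d+))?$")
TARGET_RE = re.compile(r"(?:hProcess|pid)=(\d+)")  # which child an API call acts on


def parse_trace(text: str) -> list:
    """Parse trace lines into dicts with pid, api, args and optional child pid."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def contains_in_order(seen: list, steps: list) -> bool:
    """True if every step appears in `seen`, in this order (other calls may interleave)."""
    it = iter(seen)
    return all(step in it for step in steps)


def detect_hollowing(text: str) -> list:
    """Return (parent_pid, child_pid, child_image) for each hollowed child."""
    sessions = {}  # child pid -> {"parent", "suspended", "image", "seen"}
    for ev in parse_trace(text):
        api = ev["api"]
        if api.startswith("CreateProcess") and ev["child"]:
            flags = re.search(r"dwCreationFlags=(0x[0-9a-fA-F]+)", ev["args"])
            suspended = bool(flags) and bool(int(flags.group(1), 16) & CREATE_SUSPENDED)
            image = re.search(r'lpApplicationName="([^"]*)"', ev["args"])
            sessions[ev["child"]] = {
                "parent": ev["pid"], "suspended": suspended,
                "image": image.group(1) if image else "?", "seen": [],
            }
            continue
        target = TARGET_RE.search(ev["args"])
        if target and target.group(1) in sessions:
            sessions[target.group(1)]["seen"].append(api)
    return [
        (s["parent"], child, s["image"])
        for child, s in sessions.items()
        if s["suspended"] and contains_in_order(s["seen"], HOLLOWING_STEPS)
    ]


if __name__ == "__main__":
    for parent, child, image in detect_hollowing(SAMPLE_TRACE):
        print(f"process hollowing: pid {parent} -> pid {child} ({image})")
```

Only the suspended child (pid 2244) is reported: the notepad.exe child is created with normal flags and only has its context read, so the benign GetThreadContext never trips the rule. The same ordered-subsequence check generalizes to other injection families by swapping the step list (for example CreateRemoteThread instead of SetThreadContext/ResumeThread).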