General
-
Target
09cccd5cfacbd5bd098ac4e9764afb2a1f83e0f255ac7ad28dc05819483627d3
-
Size
381KB
-
Sample
220521-byrd5sfgdn
-
MD5
4ac82f1286eeb2136bd975a4f194e474
-
SHA1
c08a1222397986194979d4cd57755cafd67a4f2b
-
SHA256
09cccd5cfacbd5bd098ac4e9764afb2a1f83e0f255ac7ad28dc05819483627d3
-
SHA512
724bf86d2b58ae05d9d8462622810e10421e753fafdf7ace623383bd67fc05ef6844ac663d0d49f65fbc63068cafbec9868e608ab1bb424f763ae30e07e6bab0
Static task
static1
Behavioral task
behavioral1
Sample
Account_Details.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Account_Details.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.aquariuslogistics.com
Port: 587
Username: [email protected]
Password: AQL@2019#$
Targets
-
Target
Account_Details.exe
-
Size
437KB
-
MD5
615bf96891a61c261995f100b65f5097
-
SHA1
2e160435fdb8407bbff4ed8d71bde0f317365a27
-
SHA256
1fa1363c857cc46f603a4eff38b86058b80ecca1f554c65e943f94725b5c2570
-
SHA512
720aa5e9b33b9a06cf74c36f64acc3ba57c5bf3910fa253a5d3194233edc6c024383dcc13f39b49328279196c1e3b118151cc00f8dff5cd7028688d01eb24f64
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-