General
-
Target
9a601107c87607a8f3d9a62d7cb31e854900928f8531b277cffa9c64f1d6ee97
-
Size
1.2MB
-
Sample
220521-cx3lfsefe5
-
MD5
ae98883d27292934c0a7545674c5bbeb
-
SHA1
5025bff995ac3aaf30650fd7f05b1f7277864c2d
-
SHA256
9a601107c87607a8f3d9a62d7cb31e854900928f8531b277cffa9c64f1d6ee97
-
SHA512
83b985f5b8bd7c06b99f8be7d687c8ab2bae23057827d60053338ac40a7df0d4abf468aa9f044fc92fe852c5b16fd51f8c7d7b89cfb6cc819d1aa4cb4015b2e9
Static task
static1
Behavioral task
behavioral1
Sample
Z0UOPCXA.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Z0UOPCXA.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.hora-ro.com
Port: 587
Username: [email protected]
Password: tanga333
Targets
-
Target
Z0UOPCXA.EXE
-
Size
492KB
-
MD5
72b8a7779d24ee9906acb0f79948f79d
-
SHA1
09c9e33746a8450d0ee89716229601d15b76a2ff
-
SHA256
3a0e13616cadfaa90cd712e7dc4c5ef6bd3526e7fb404e28706bf485f70c499f
-
SHA512
4bd05804aadc744562e49352b66c0381172a53cfd960616fe7417764a739a96cc17aac4cf0907eeb6e944005f1c52cef1340a6f64e8c48db21891e06362d06c6
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely used for geofencing.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext