General
- Target: 9a1fe109cc71c5f016183bef4ec80272825bd98b4316e1da2524abb3a89cb054
- Size: 643KB
- Sample: 220521-cx52kshgbp
- MD5: 0aca9a64f3b19c03282cdfbc31dbab99
- SHA1: 9d6839aaf2736bec20b4c87c943369ac706e3105
- SHA256: 9a1fe109cc71c5f016183bef4ec80272825bd98b4316e1da2524abb3a89cb054
- SHA512: 9f2a1ce354aab3f7c0777c5959d04da989de470eb5bbf5a96290227f4a0f374c763dd6bad1c4ff1639f57da85b01d1e88440e6b52473862e67b31695fe5f2d55
Static task: static1

Behavioral task: behavioral1
- Sample: Statement of account 06 20_pdf.exe
- Resource: win7-20220414-en

Behavioral task: behavioral2
- Sample: Statement of account 06 20_pdf.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.ionos.com
- Port: 587
- Username: [email protected]
- Password: temp20182019
Targets
- Target: Statement of account 06 20_pdf.exe
- Size: 841KB
- MD5: cf36c9116111d2a83722602bdcdf37b9
- SHA1: 296d1aa1435da3ed555ac5368988251f078e962e
- SHA256: f1634e4db9eba49ff284640fdb8348e96a95267d1759346f078d9144f97f8aff
- SHA512: cf6063feeabf72ebf54e7c341b67d52c2f59b7ed5c295e03ab7c56ff7b51a2b342077dba730dac2b7b243f3f8069149aade36249164fefb7a817e3e0493a1590
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext