General
Target: 9c49e4175821cea22f5edf0fa73415b0ff0779f7312c4cf14c6d88ae952654e4
Size: 383KB
Sample: 220521-cxlb6sefc6
MD5: 338f7c04efb446b593f7823df4cb62bb
SHA1: 7b9ceef10eeb2e2f4caafb08650b2cda6fa8e8da
SHA256: 9c49e4175821cea22f5edf0fa73415b0ff0779f7312c4cf14c6d88ae952654e4
SHA512: 010278bdedfa9e778bbd00b00fc7e53d89d8abf6409d3f34aa338459b5b3a25740c63962113398e71b010e1133479d723312925e1b8e1ea7f165f44efa4148ed
Static task: static1
Behavioral task: behavioral1
  Sample: image001.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: image001.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.yandex.com
  Port: 587
  Username: [email protected]
  Password: T@nkTr@ns135@$^6^
Targets
Target: image001.exe
Size: 421KB
MD5: 06bf42d97d201d12f72e8774eacd6f16
SHA1: 417e7b5aee87389d551b78a73f0bc50c673bed5b
SHA256: c5a9b35e88c8854b9ded651caf716d6ecf5e30454859c4a664d2120145bccc67
SHA512: e6f703acd943798413ff377369ee396f111d17aac31a7338e45c71576be64c2ca867701c18e80047cb2d31f963ebb71071778a1b08a123a18e1f0e4b4d47bd4f
Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext