General
Target: 9c02692646d031a6f8b802915aa1f971445b78946352c866d3cd671259e01dc1
Size: 449KB
Sample: 220521-cxn33aefd2
MD5: e3f6637757e07fa71327c1392d2d1e9d
SHA1: 1baaa5c0837e1b9da028aa1ee5a4949a41324f46
SHA256: 9c02692646d031a6f8b802915aa1f971445b78946352c866d3cd671259e01dc1
SHA512: e78de51040f260ad001ec0ed3a2580c1de56b5324ee61e6d7c39135bf44f79d93afb4e62b751f3d77a644c43b2545ae599585855e13d557343ebbdd4ddc076db
Static task: static1
Behavioral task: behavioral1
Sample: TT-Swi45646-Printout-Pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: TT-Swi45646-Printout-Pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: *7BFOjey!nvc]
Targets
Target: TT-Swi45646-Printout-Pdf.exe
Size: 544KB
MD5: 5ab4a54a4b071334096ae5fd87ad4840
SHA1: 9bf8bfe4d451916434fd90270bc65b78c01a0d5d
SHA256: 78421571ed40c04719354b6c325569c68109356a6f63ec038dd14060700e8b3a
SHA512: 3352d2482e0273251b8aca9605a4fe0471d26bceef836989ba241d071f247093e1a36c3ff6b477f12040e19a0ce75e8fc13ebf42f53f4d49c2f305563fcc9be0
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext