General
-
Target
992602250752df5087c5c3c17d690b73e368f336e77559a3cb102b8c80fcad47
-
Size
263KB
-
Sample
220521-cyc27aeff7
-
MD5
495f346fbccd1bbd081a05e5f9a98717
-
SHA1
e69080f0f69d897d4b39b837ddc03c95ffebebfe
-
SHA256
992602250752df5087c5c3c17d690b73e368f336e77559a3cb102b8c80fcad47
-
SHA512
8f8e2198d352c1b064d2f0c5f1af276a85922a1129c2faca53926f7130fa6762e162b2a6f5a6478cab1ec3b09c1165eaf9c497df957899f080508b2d36bde081
Static task
static1
Behavioral task
behavioral1
Sample
New Po.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
New Po.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol
smtp
-
Host
webmail.chennairealty.biz
-
Port
587
-
Username
[email protected]
-
Password
Mp@123cr
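The extracted config above is the most actionable part of the report: an SMTP submission host, port and mailbox the sample exfiltrates to. The following script is an added example, not part of the sandbox report: it parses the config block exactly as the report prints it (line-wrapped "Key: value" pairs joined by " - "), turns the host into a Suricata DNS rule, and matches flow records against the host and port. The flow-record format ("ts src dst:port proto") and the sample records, the `$HOME_NET` variable and the `sid` value are all constructed for illustration; adapt the splitter to your own NetFlow or Zeek `conn` export and use a sid from your own range.

```python
"""Turn the 'Extracted' AgentTesla config printed in this report into network
IOCs and run them over flow records.

Added example, not part of the sandbox report. CONFIG_TEXT is the config
block as the report prints it; SAMPLE_FLOWS are constructed records in a
hypothetical one-line format ("ts src dst:port proto").
"""
import re
from dataclasses import dataclass

CONFIG_TEXT = """Protocol: smtp- Host:
webmail.chennairealty.biz - Port:
587 - Username:
[email protected] - Password:
Mp@123cr"""


@dataclass(frozen=True)
class ExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(text: str) -> ExfilConfig:
    """Recover 'Key: value' pairs from the line-wrapped report rendering.

    The report prints each value on the line after its key and joins pairs
    with ' - '; flattening to one line and splitting on that separator gives
    the five fields back. 'smtp- Host:' lost the space before its dash, so a
    '<non-space>- ' run is normalised first.
    """
    flat = " ".join(line.strip() for line in text.splitlines())
    flat = re.sub(r"(\S)- ", r"\1 - ", flat)
    fields = {}
    # maxsplit=4: the password is the last field and must keep any ' - ' in it.
    for pair in flat.split(" - ", 4):
        key, _, value = pair.partition(":")
        fields[key.strip().lower()] = value.strip()
    return ExfilConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


def suricata_dns_rule(cfg: ExfilConfig, sid: int = 1000001) -> str:
    """DNS-lookup rule for the exfil host (sid is a placeholder; pick your own).

    The SMTP session on 587 usually upgrades to TLS via STARTTLS, so the DNS
    query for the host is the most reliable cleartext observable.
    """
    return (
        f'alert dns $HOME_NET any -> any any (msg:"AgentTesla exfil host lookup {cfg.host}"; '
        f'dns.query; content:"{cfg.host}"; nocase; sid:{sid}; rev:1;)'
    )


# Constructed flow records (not from the report): "ts src dst:port proto".
SAMPLE_FLOWS = [
    "2022-05-21T10:00:01Z 10.0.0.5 webmail.chennairealty.biz:587 tcp",
    "2022-05-21T10:00:02Z 10.0.0.5 smtp.office365.com:587 tcp",
    "2022-05-21T10:00:03Z 10.0.0.9 WEBMAIL.CHENNAIREALTY.BIZ:443 tcp",
    "2022-05-21T10:00:04Z 10.0.0.7 webmail.chennairealty.biz:587 tcp",
]


def match_flows(flows, cfg: ExfilConfig):
    """Flag every flow to the exfil host and note whether it used the configured port.

    Host-only matching also catches the same server reached on another port;
    port_match lets the analyst rank the hits that look exactly like the config.
    """
    hits = []
    for line in flows:
        ts, src, dst, _proto = line.split()
        host, _, port = dst.rpartition(":")
        if host.lower() == cfg.host:
            hits.append({"ts": ts, "src": src, "port_match": int(port) == cfg.port})
    return hits


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(cfg.host, cfg.port, cfg.username)
    print(suricata_dns_rule(cfg))
    for hit in match_flows(SAMPLE_FLOWS, cfg):
        print(hit)
```

Block and alert on the host; the credentials are only useful for attributing the mailbox, and the report does not say whether it is attacker-owned or a compromised account on a third-party domain.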
Targets
-
Target
New Po.exe
-
Size
740KB
-
MD5
41661d4ec98347e7359621a526e7e976
-
SHA1
e35dddbc0fbf97a94257039941d6910ffc7615d4
-
SHA256
ffb914ef6c0c0b2077f019be5f0fc486ff611af6ba5922bb4f9a44e57565b77e
-
SHA512
e84e99a942e93892e5b5d4ceb762f2a8cdcd8926ab62b3d74a0f0c96cc33297d84700e2b2464d327ecf0de887b068444a594bcf1ce0ac1235705ec75724973e1
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, written in Visual Basic.
-
AgentTesla Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
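Of the behaviours listed above, "Adds Run key to start application" is the one that leaves a durable, host-side trace. The script below is an added example, not part of the sandbox report: it scores Sysmon Event ID 13 (RegistryEvent, value set) records by whether the autostart value points into, or was written from, a user-writable drop directory, which is how a dropped payload keeps itself running. The events, file paths, value names and the SID in them are constructed for illustration; the report does not name the dropped file or the Run value it creates.

```python
"""Flag Run-key persistence of the kind this report records ("Adds Run key to
start application") in Sysmon registry events.

Added example, not part of the sandbox report. The events below are
constructed to mirror the fields of Sysmon Event ID 13 (RegistryEvent, value
set); paths, value names and the SID are hypothetical.
"""
import re
from typing import Optional

# Per-user (HKU\<sid>\...) and machine-wide (HKLM\...) autostart values.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$",
    re.IGNORECASE,
)
# Directories a dropped payload usually lands in. AppData\Local as a whole is
# left out on purpose: per-user installers (OneDrive, Teams and the like)
# legitimately register Run values from there, so only its Temp subtree counts.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData\\Roaming|AppData\\Local\\Temp|Windows\\Temp|ProgramData|Users\\Public)\\",
    re.IGNORECASE,
)


def classify_run_key_event(event: dict) -> Optional[str]:
    """Return "high", "low" or None for one Sysmon event.

    None: not a value-set under Run/RunOnce. "low": autostart entry pointing
    at a normal install location (still worth baselining). "high": the
    autostart target, or the process writing it, lives in a drop directory.
    """
    if event.get("EventID") != 13:
        return None
    if not RUN_KEY_RE.search(event.get("TargetObject", "")):
        return None
    details = event.get("Details", "")
    image = event.get("Image", "")
    if USER_WRITABLE_RE.search(details) or USER_WRITABLE_RE.search(image):
        return "high"
    return "low"


# Constructed events (hypothetical paths and SID, not from the sandbox run).
SAMPLE_EVENTS = [
    {   # dropped payload registering itself from %APPDATA%: high
        "EventID": 13,
        "Image": r"C:\Users\victim\AppData\Roaming\svchost32.exe",
        "TargetObject": r"HKU\S-1-5-21-1000-2000-3000-1001\Software\Microsoft\Windows\CurrentVersion\Run\svchost32",
        "Details": r'"C:\Users\victim\AppData\Roaming\svchost32.exe"',
    },
    {   # installed application registering an updater from Program Files: low
        "EventID": 13,
        "Image": r"C:\Program Files\ExampleApp\setup.exe",
        "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ExampleUpdater",
        "Details": r'"C:\Program Files\ExampleApp\updater.exe" /background',
    },
    {   # value set elsewhere in the registry: not a persistence event
        "EventID": 13,
        "Image": r"C:\Windows\explorer.exe",
        "TargetObject": r"HKU\S-1-5-21-1000-2000-3000-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
        "Details": "DWORD (0x00000001)",
    },
    {   # key creation (Event ID 12) under Run carries no target yet: ignore
        "EventID": 12,
        "Image": r"C:\Users\victim\AppData\Roaming\svchost32.exe",
        "TargetObject": r"HKU\S-1-5-21-1000-2000-3000-1001\Software\Microsoft\Windows\CurrentVersion\Run",
        "Details": "",
    },
]


def triage(events):
    """Map each event's index to its verdict, skipping events that do not apply."""
    verdicts = {}
    for i, event in enumerate(events):
        verdict = classify_run_key_event(event)
        if verdict is not None:
            verdicts[i] = verdict
    return verdicts


if __name__ == "__main__":
    for i, verdict in triage(SAMPLE_EVENTS).items():
        print(i, verdict, SAMPLE_EVENTS[i]["TargetObject"])
```

Pair the "high" verdict with the file hashes listed for this sample: a Run value whose target hashes to one of them is a confirmed hit rather than a heuristic one.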