General
- Target: 991a9408b15bec9a534018b66b5f6df88378ce97978e126eefb1ac4838a360cd
- Size: 595KB
- Sample: 220521-cyd99ahgcn
- MD5: 20c7f9f627953822329995435ed44e31
- SHA1: dce826d85f520cddb9e9193c08ad0cb16a4925a3
- SHA256: 991a9408b15bec9a534018b66b5f6df88378ce97978e126eefb1ac4838a360cd
- SHA512: aef94f2e809df1e7710f144e5d1a7c7a0fd39e8c4760e3cca69e4b640c27c07f3dfd8f79f49a6b5995a64bca66d950f349917aaba74bd76fb8e33c2440337a11
Static task: static1
Behavioral task: behavioral1
- Sample: Bank Account details.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Bank Account details.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.tejoofashions.com
- Port: 587
- Username: [email protected]
- Password: OmiCron#2019
Targets
- Target: Bank Account details.exe
- Size: 756KB
- MD5: 64231b9e4dae263a4b0d5c46afe46bc1
- SHA1: 4c62c7ede992517a58daafe35367cb1c2f8b74e1
- SHA256: 4363d2320266f58ce9011c5ed32b16429156d92762ed01843f57eb02bd71aa22
- SHA512: 9661a56a97696eefb2ef1d2157b07eb144c443083f1743e13f4595fdc7749071d89feda8933d265faac04c920911321d4d75084f8841757bd9e273a68b433548
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext