General
-
Target
006c44f3be8c5386db93ce002df488496970d49e2a02460a412891a32ca8bc35
-
Size
396KB
-
Sample
220521-d526bsghd7
-
MD5
b0d137fcee1911b01658fd0d365975d1
-
SHA1
38f4bc3b9aefc348681cbd0fc3cb55b5e936e33d
-
SHA256
006c44f3be8c5386db93ce002df488496970d49e2a02460a412891a32ca8bc35
-
SHA512
0817f845f721d9d4ac8bd0fd339da39d7e19e3d29e248d0d8a02f9bfbd77e90169afc2864d6af742c4c9e83f62f34528cf5ff04532d4a6917b9f77705ef33ad6
Static task
static1
Behavioral task
behavioral1
Sample
Outstanding_2019-20.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Outstanding_2019-20.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.pro-powersourcing.com
Port: 587
Username: [email protected]
Password: china1977
Targets
-
Target
Outstanding_2019-20.exe
-
Size
430KB
-
MD5
d05aa23160135954f7c299417c180a3d
-
SHA1
092b8174bdadbee284b574cf9fd1c9c50e195c12
-
SHA256
7ad0932d78113412ba4404ed897c0981f8582886940866f7908c07d99ee077a9
-
SHA512
322679ef529e5f7436efd8174c5852010eae7fe42e09ac5b39a51d7c407ba6114cf84fba9890ae275f3220a8c8a48b2f998805b86a8c731e03f3925dbc3cbbf5
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-