General

Target: 0248d76f25d67192768d6b3c9cc35202c8f567e0ce77012e24ad37e33c4faf37
Size: 375KB
Sample: 220521-d5mqmsghb9
MD5: 498658b0fd4e26ce604d8057f3d22faa
SHA1: 01c4898feafba520fa8344d6c0bf57c399d8d7c2
SHA256: 0248d76f25d67192768d6b3c9cc35202c8f567e0ce77012e24ad37e33c4faf37
SHA512: bfbe6a104f335a762ae40db85c3346c419617073c64e82e9db6072c16bbeec99400e0ca2c77ef6130a47ad6e7a1d7ea8c7c1c21afbc7508cd16f39ecd3ee9ea0
Static task: static1

Behavioral task: behavioral1
Sample: Fattura accomp - Invoice 1028 del 19-02-2020 NEW WAY MIDDLE EAST FZE do....exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Fattura accomp - Invoice 1028 del 19-02-2020 NEW WAY MIDDLE EAST FZE do....exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.israelagroconsultant.com
Port: 587
Username: [email protected]
Password: israelagro@123
Targets

Target: Fattura accomp - Invoice 1028 del 19-02-2020 NEW WAY MIDDLE EAST FZE do....exe
Size: 428KB
MD5: 6afdf426be2106f66c8ad0dd5295a94a
SHA1: 10cc14ab3cefd6175dab97c2f8d5bc2a8a88b02b
SHA256: 18907aad4da3ed933bd68340346b21e23b3e0b5df978f01a99c195737f09db99
SHA512: 4349569a571fdced6a54479fbbeb3a9d2baeaa7f4c85d48917306e4b5f631c2facf225cc563be9e345ba50d000a5c7534a5b3bcdcbe97f0b532d3dc37ee05d3c
- AgentTesla
  Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Checks computer location settings
  Reads the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext
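As an added example, not part of the sandbox report and not Agent Tesla's own code, the Python below turns the extracted SMTP configuration and the Task Manager, drivers-directory and network behaviours listed in the signatures into detection logic, and runs it over a few constructed Sysmon-style events. The event records, image paths and SID are invented; the host and port come from the extracted config, and the username is kept in the obfuscated form the page shows.

```python
"""Detection sketch built from the extracted Agent Tesla config and the behavioural
signatures above. Added example, not part of the sandbox report: the event records
below are constructed Sysmon-style dictionaries, not telemetry from the run."""
import re
from typing import Dict, List, Optional, Tuple

# The extracted config as the report flattens it onto one line. The username is
# shown obfuscated on the page, so it is kept that way here.
RAW_CONFIG = ("Protocol: smtp - Host: smtp.israelagroconsultant.com - Port: 587 "
              "- Username: [email protected] - Password: israelagro@123")

# Constructed Sysmon-style events. Field names follow Sysmon (EventID 13 =
# RegistryValueSet, 11 = FileCreate, 3 = NetworkConnect); paths and SID are invented.
MALWARE_IMAGE = r"C:\Users\user\Downloads\invoice.exe"
TASKMGR_KEY = (r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows"
               r"\CurrentVersion\Policies\System\DisableTaskMgr")
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"EventID": 13, "Image": MALWARE_IMAGE, "TargetObject": TASKMGR_KEY,
     "Details": "DWORD (0x00000001)"},
    {"EventID": 11, "Image": MALWARE_IMAGE,
     "TargetFilename": r"C:\Windows\System32\drivers\etc\hosts"},
    {"EventID": 3, "Image": MALWARE_IMAGE, "Protocol": "tcp",
     "DestinationHostname": "smtp.israelagroconsultant.com", "DestinationPort": 587},
    # Benign look-alikes that must not alert: a mail client using a legitimate
    # SMTP submission server, and an admin re-enabling Task Manager (value 0).
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "Protocol": "tcp", "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
    {"EventID": 13, "Image": r"C:\Windows\regedit.exe", "TargetObject": TASKMGR_KEY,
     "Details": "DWORD (0x00000000)"},
]


def parse_config(raw: str) -> Dict[str, str]:
    """Split the 'Key: value - Key: value' line into a dict keyed by lower-cased field.
    The lookahead ends a value only at the next ' - Key:' separator, so values that
    contain '@', '.' or digits (host, password) survive intact."""
    fields: Dict[str, str] = {}
    for m in re.finditer(r"(\w+):\s*(.*?)(?=\s+-\s+\w+:|$)", raw):
        fields[m.group(1).lower()] = m.group(2).strip()
    return fields


def network_ioc(cfg: Dict[str, str]) -> Dict[str, object]:
    """Reduce the config to what a network rule needs. The credentials identify the
    attacker's mailbox and belong in an IOC record, not in the matching logic."""
    return {"protocol": cfg["protocol"], "host": cfg["host"].lower(), "port": int(cfg["port"])}


def _dword(details: str) -> Optional[int]:
    """Turn Sysmon's 'DWORD (0x00000001)' rendering into an int (None if not a DWORD)."""
    m = re.search(r"0x([0-9a-fA-F]+)", details)
    return int(m.group(1), 16) if m else None


def detect(events: List[Dict[str, object]], ioc: Dict[str, object]) -> List[Tuple[str, str]]:
    """Return (rule_name, image) for every event that matches one of three behaviours."""
    alerts: List[Tuple[str, str]] = []
    for ev in events:
        eid = ev.get("EventID")
        image = str(ev.get("Image", ""))
        if eid == 13:
            key = str(ev.get("TargetObject", "")).lower()
            # Only a value of 1 disables Task Manager; 0 is someone turning it back on.
            if key.endswith(r"\policies\system\disabletaskmgr") and \
                    _dword(str(ev.get("Details", ""))) == 1:
                alerts.append(("disable_taskmgr", image))
        elif eid == 11:
            path = str(ev.get("TargetFilename", "")).lower()
            # Any write under the drivers directory is worth a look; in production,
            # allowlist installers and Windows servicing processes to cut noise.
            if "\\system32\\drivers\\" in path:
                alerts.append(("drivers_dir_write", image))
        elif eid == 3:
            if (str(ev.get("DestinationHostname", "")).lower() == ioc["host"]
                    and int(str(ev.get("DestinationPort", 0))) == ioc["port"]):
                alerts.append(("c2_smtp_exfil", image))
    return alerts


if __name__ == "__main__":
    config = parse_config(RAW_CONFIG)
    for rule, image in detect(SAMPLE_EVENTS, network_ioc(config)):
        print(f"{rule:18} {image}")
```

Sysmon records registry key creation, value writes and renames (events 12 to 14) but not reads, so the Outlook profile access and the country-code lookup leave no Sysmon registry event, and there is no Sysmon event for SetThreadContext either; those three signatures need ETW, an EDR, or the sandbox itself. The network rule is the cheapest win even without the extracted host: a user-launched executable opening TCP 587 to a mail server that is not the organisation's own deserves an alert on its own.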