General
-
Target
fbedc5b76960c5b8b2fb801261a4ef7dc0047bf3f1d65258852933860b9a13e1
-
Size
1.2MB
-
Sample
220521-d7xzdscabj
-
MD5
7ad1780e4d1efa87d3cae825f7ca80ab
-
SHA1
7db8eb9773e306882eebaa2c2f4b147267646fcb
-
SHA256
fbedc5b76960c5b8b2fb801261a4ef7dc0047bf3f1d65258852933860b9a13e1
-
SHA512
25df279fee98ce9f5b3697349524d59ff6e60e1fab68afe4d1d17e837dfe6cb6d0ff61e37892523d1e27c691b7e1387c98c81f3fb431a036f93a849d94228996
Static task
static1
Behavioral task
behavioral1
Sample
87400934.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
87400934.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.emacoglobal.com
Port: 587
Username: [email protected]
Password: o,=e*;ke-+W{
Targets
-
Target
87400934.EXE
-
Size
524KB
-
MD5
f6c07bd6d47560c6340b92253e66fdce
-
SHA1
e7a156d2d7f8d2c1620550b2efce283cb3861e6d
-
SHA256
57e06d364efb34c1e83e57e1bebf4bfe796bfdebfede5d8ad6c9235b99954043
-
SHA512
23264b2b25d1b209bc26d9c46199ee0d00b33f7624a9a31dae15a5e2a252b8599705d89c245860b9ff63aa9fea3506bc5de68ac7264c39f74ac9f482755dbc31
-
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer written in Visual Basic (VB.NET). It harvests stored credentials and keystrokes and exfiltrates them over SMTP, FTP or HTTP; the config extracted above shows this sample uses SMTP submission (port 587) to mail.emacoglobal.com.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check (the payload can avoid running in selected countries).
-
Accesses Microsoft Outlook profiles
Consistent with Agent Tesla's harvesting of saved mail-client credentials.
-
Suspicious use of SetThreadContext
Calling SetThreadContext on another process's thread is typical of process hollowing, i.e. injecting the payload into a suspended process before resuming it.
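As an added example (not part of the sandbox report and not vendor tooling), the following turns what this report exposes into something a defender can act on: it parses the flattened Agent Tesla config text exactly as the page prints it, keeps the two SHA-256 values from the General and Targets sections as an IOC set, hunts over constructed log lines, and emits a Suricata rule for lookups of the exfil mail server. The log format, the host names WS01/WS02/WS03, the file paths and the IP addresses are assumptions made up for the demo; only the hashes, the mail host and the port come from the report. The username is redacted on the page, so it is carried through as the placeholder and never used for matching.

```python
"""
Added example, not part of the sandbox report or of any vendor tooling:
turn the report's indicators (two SHA-256 hashes and the extracted Agent
Tesla SMTP config) into a small IOC set, parse the flattened config text
as the page presents it, and hunt over constructed log lines.
Assumptions: the key=value log format, hosts WS01/WS02/WS03, file paths
and IP addresses are made up; only the hashes, mail host and port are real.
"""
import re

# Config block exactly as the report flattens it. The username is redacted
# on the page ("[email protected]"), so it stays a placeholder.
REPORT_CONFIG_TEXT = """\
Protocol: smtp- Host:
mail.emacoglobal.com - Port:
587 - Username:
[email protected] - Password:
o,=e*;ke-+W{
"""

# SHA-256 values from the report's General and Targets sections.
FILE_HASHES = {
    "fbedc5b76960c5b8b2fb801261a4ef7dc0047bf3f1d65258852933860b9a13e1": "1.2MB sample (dropper)",
    "57e06d364efb34c1e83e57e1bebf4bfe796bfdebfede5d8ad6c9235b99954043": "87400934.EXE (Agent Tesla payload)",
}


def parse_config(text: str) -> dict:
    """Parse 'Key: value - Key: value' text (wrapped across lines) into a dict
    with lower-cased keys. Entries are separated by '-' plus whitespace and a
    following 'Key:' token; the '-' inside the password is followed by '+',
    not whitespace, so it survives intact."""
    flat = " ".join(text.split())
    entries = re.split(r"\s*-\s+(?=[A-Za-z]+:)", flat)
    cfg = {}
    for entry in entries:
        key, _, value = entry.partition(":")
        cfg[key.strip().lower()] = value.strip()
    return cfg


def parse_kv_line(line: str) -> dict:
    """Split a 'key=value key=value' log line (constructed format) into a dict."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def hunt(lines, cfg, hashes):
    """Return (line_index, reason, detail) for every line that matches an IOC.

    Port 587 alone is too noisy to alert on (legitimate mail clients use it),
    so an outbound connection on the config's port is reported only for a
    host that was already seen resolving the exfil mail server.
    """
    hits = []
    hosts_that_resolved_exfil = set()
    for i, line in enumerate(lines):
        ev = parse_kv_line(line)
        kind = ev.get("event")
        sha = ev.get("sha256", "").lower()
        if kind == "process_create" and sha in hashes:
            hits.append((i, "known_hash", hashes[sha]))
        elif kind == "dns" and ev.get("query", "").lower() == cfg["host"].lower():
            hosts_that_resolved_exfil.add(ev.get("host"))
            hits.append((i, "exfil_dns", cfg["host"]))
        elif (kind == "netconn" and ev.get("dport") == cfg["port"]
              and ev.get("host") in hosts_that_resolved_exfil):
            hits.append((i, "exfil_smtp", f"port {cfg['port']} after resolving {cfg['host']}"))
    return hits


def suricata_dns_rule(cfg: dict, sid: int = 1000001) -> str:
    """Build a Suricata rule that fires on DNS lookups of the exfil mail server."""
    return (f'alert dns any any -> any any (msg:"Agent Tesla exfil mail server lookup"; '
            f'dns.query; content:"{cfg["host"]}"; nocase; sid:{sid}; rev:1;)')


# Constructed log lines: three from the infected host WS01, two benign ones from WS02.
SAMPLE_LOGS = [
    "2022-05-21T08:11:02Z host=WS01 event=process_create image=C:\\Users\\u\\AppData\\Local\\Temp\\87400934.exe sha256=57e06d364efb34c1e83e57e1bebf4bfe796bfdebfede5d8ad6c9235b99954043",
    "2022-05-21T08:11:05Z host=WS01 event=dns query=mail.emacoglobal.com",
    "2022-05-21T08:11:06Z host=WS01 event=netconn dst=203.0.113.10 dport=587 image=C:\\Users\\u\\AppData\\Local\\Temp\\87400934.exe",
    "2022-05-21T08:12:00Z host=WS02 event=netconn dst=198.51.100.5 dport=443 image=C:\\Users\\u\\AppData\\Local\\Mozilla\\firefox.exe",
    "2022-05-21T08:12:30Z host=WS02 event=dns query=mail.example.com",
]

if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG_TEXT)
    for hit in hunt(SAMPLE_LOGS, cfg, FILE_HASHES):
        print(hit)
    print(suricata_dns_rule(cfg))
```

Running it reports the payload hash on WS01, WS01's lookup of mail.emacoglobal.com, and the subsequent port-587 connection from WS01; WS02's HTTPS traffic and its lookup of an unrelated mail server produce nothing. Port 587 with STARTTLS means the SMTP credentials themselves are not visible on the wire, which is why the DNS lookup and the hash, not the password, are the usable network and host indicators here.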