General
- Target: 431028bd36f3453333fbaa363bd53bdedbc6177c02166a94711f8e4f192c7b13
- Size: 425KB
- Sample: 220521-d8j4xscadm
- MD5: 83eb9c848e526c7a3dfdb6c9d8934c58
- SHA1: f8dd8a39f3219030998b4f8d0e17a054352873e3
- SHA256: 431028bd36f3453333fbaa363bd53bdedbc6177c02166a94711f8e4f192c7b13
- SHA512: 5b0dfc8357feca808900876accf20d39bfadcd218e30000b85c2b9d887f4550e9f51e627ad9a07ab9f8de1aae693c5521ae3cb79ebc6dfbe43a9151c0f70e82a
Static task
- static1
Behavioral tasks
- behavioral1: Sample 431028bd36f3453333fbaa363bd53bdedbc6177c02166a94711f8e4f192c7b13.zip, Resource win7-20220414-en
- behavioral2: Sample 431028bd36f3453333fbaa363bd53bdedbc6177c02166a94711f8e4f192c7b13.zip, Resource win10v2004-20220414-en
- behavioral3: Sample pi-updated.exe, Resource win7-20220414-en
- behavioral4: Sample pi-updated.exe, Resource win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.ru
- Port: 587
- Username: [email protected]
- Password: hlw1billyruseller
Targets
- Target: 431028bd36f3453333fbaa363bd53bdedbc6177c02166a94711f8e4f192c7b13 (size and hashes as listed under General above)
  - Score: 1/10
- Target: pi-updated.exe
  - Size: 523KB
  - MD5: d315077101721ea6f53140afc941eb10
  - SHA1: 6fd80227a05baeae629e9feee67b45b1b71ba0f8
  - SHA256: 2a19861b5542b7a76129c027376c7c3902e38ab5d9914722af6b13eff1a28973
  - SHA512: c0ef129c68a95cd02235bcefe750711d6e6627e2287999b8076bd326af456121e77bf6220a0bf59e8bef4a9464295b4605c88f9af70e9aeb0be694dfda3ececa
  - AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  - AgentTesla Payload
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
  - Accesses Microsoft Outlook profiles
  - Suspicious use of SetThreadContext