General
-
Target
a6c02f2acd8af8b895519d6e064c950d47d33770a539484353d129fa555fda43
-
Size
354KB
-
Sample
220521-ex14qschgq
-
MD5
755ea4bd5dfc0aa056c8f69648ff8f32
-
SHA1
2c72c3bc534e9e0625a2aef1be5df580a7568e39
-
SHA256
a6c02f2acd8af8b895519d6e064c950d47d33770a539484353d129fa555fda43
-
SHA512
4c6898cefcddd53e9599e5ea549c6b96550ab1e5a31c69a0125314e1a0ecd8bd96a7b54a0eb2ba1f439b80e044760d99845547e40bf16bcc9870200ae7758298
Static task
static1
Behavioral task
behavioral1
Sample
Technical Details.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Technical Details.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
privateemail.com - Port:
587 - Username:
[email protected] - Password:
@damienzy.xyz2240
Targets
-
-
Target
Technical Details.exe
-
Size
427KB
-
MD5
f45b90ee156fcebbc41ee694e8714141
-
SHA1
a01e32250e4ae6096716b88ef1a81a936f5be413
-
SHA256
9bf584f64af278fb0a7afd8aa15c460e19e3263388bc896284712c7a07426eeb
-
SHA512
ab002fcc34b68f6670fa02257392e16327ee7ab6afa3da6988c24ebcf0607abae613f223cb58dff8ab9cc6c90bba112d0361496428492cbbcf9cd200fa009e64
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-