General
-
Target
9b74432ca2ef952dd316fce4115e223155fd773ef1af8e6202057dc6ff065aef
-
Size
376KB
-
Sample
220521-n3zbrshfgr
-
MD5
61f8c4bc6108fa1f52cb663f25bbf6b2
-
SHA1
b351f4a7c4ec9e1a644786a72641347fb7004fb1
-
SHA256
9b74432ca2ef952dd316fce4115e223155fd773ef1af8e6202057dc6ff065aef
-
SHA512
7d9253d41dd20c7e0591a22ab75bb748609be863d87be437ab6ff89a8ec1130092504dd9370090944347c81f94f1bb51b0d84c68e3093eb0f64473095e4d9576
Static task
static1
Behavioral task
behavioral1
Sample
BL Draft Copy-shipping Documents3-12-06-20.EXCEL.XLS.xlsx.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
BL Draft Copy-shipping Documents3-12-06-20.EXCEL.XLS.xlsx.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.ibc.by
Port: 587
Username: [email protected]
Password: QWErty654321
Targets
-
Target
BL Draft Copy-shipping Documents3-12-06-20.EXCEL.XLS.xlsx.exe
-
Size
408KB
-
MD5
f7bb48793e8d292597ffd8e8782bc597
-
SHA1
157cca571614e2cfcabf4ced974869bc8ca1c41b
-
SHA256
f027cf4d4648d73779ecd0126f3a7bdfd7621d8a7846cac4d6515ac1a6442be9
-
SHA512
cd55240f4c9f9197cd5073e5937c5f2eb9794b167ae7727286443b5d8dfeb34464fdee8b7183d630f066d35ae0a007c8bc56f3a63750c7f42241a302c2684196
-
AgentTesla
Agent Tesla is a .NET-based remote access trojan and information stealer (originally written in Visual Basic .NET); this build exfiltrates the harvested data over SMTP using the mail server and credentials extracted above.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check to avoid running on machines in certain regions.
-
Accesses Microsoft Outlook profiles (the registry-stored mail account settings, a credential-theft indicator)
-
Suspicious use of SetThreadContext (consistent with process hollowing: a child process is started suspended, its memory is overwritten, and its main thread's context is rewritten before it is resumed)
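The report only states that SetThreadContext was used suspiciously; the added example below (not part of the sandbox report) shows the detection logic that turns a raw API trace into that kind of verdict. It flags the process-hollowing sequence (suspended CreateProcess, memory write into the child, SetThreadContext, ResumeThread, in that order) and leaves a benign suspended launch alone. The trace format, pids, thread ids and file paths are constructed for the example; only the API names and the CREATE_SUSPENDED flag value are real Win32 items.

```python
"""Added example (not part of the sandbox report): flag the process-hollowing
call sequence behind a 'Suspicious use of SetThreadContext' signature in a
constructed API trace, while leaving a benign CREATE_SUSPENDED launch alone."""
CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit, real Win32 value

# Constructed trace entries: (caller_pid, api_name, arguments). Pids, tids,
# paths and the trace layout are hypothetical; the API names are real.
TRACE = [
    # Injector 1204 spawns a suspended child, unmaps and overwrites its image,
    # rewrites the main thread's context, then resumes it: classic hollowing.
    (1204, "CreateProcessW", {"lpApplicationName": r"C:\Windows\System32\host.exe",
                              "dwCreationFlags": 0x00000004, "child_pid": 3120, "tid": 3124}),
    (1204, "NtUnmapViewOfSection", {"target_pid": 3120}),
    (1204, "VirtualAllocEx", {"target_pid": 3120, "size": 0x6A000}),
    (1204, "WriteProcessMemory", {"target_pid": 3120, "size": 0x6A000}),
    (1204, "SetThreadContext", {"target_pid": 3120, "tid": 3124}),
    (1204, "ResumeThread", {"target_pid": 3120, "tid": 3124}),
    # Launcher 2210 also starts its child suspended (to adjust it) and resumes
    # it, but never touches the child's memory or thread context.
    (2210, "CreateProcessW", {"lpApplicationName": r"C:\Program Files\tool\worker.exe",
                              "dwCreationFlags": 0x00000004, "child_pid": 4402, "tid": 4406}),
    (2210, "SetPriorityClass", {"target_pid": 4402}),
    (2210, "ResumeThread", {"target_pid": 4402, "tid": 4406}),
]

# Map the APIs (and their native equivalents) onto the hollowing stages.
STAGE_OF = {
    "NtUnmapViewOfSection": "unmap", "ZwUnmapViewOfSection": "unmap",
    "WriteProcessMemory": "write", "NtWriteVirtualMemory": "write",
    "SetThreadContext": "set_context", "NtSetContextThread": "set_context",
    "Wow64SetThreadContext": "set_context",
    "ResumeThread": "resume", "NtResumeThread": "resume",
}
CREATE_APIS = ("CreateProcessA", "CreateProcessW", "CreateProcessInternalW")
REQUIRED = {"create_suspended", "write", "set_context", "resume"}


def detect_hollowing(trace):
    """Return {child_pid: {"parent", "stages", "verdict"}} for every child
    that was created suspended. Only calls made by the same parent against
    that child count, so unrelated activity does not pollute the chain."""
    stages = {}  # child_pid -> (parent_pid, ordered list of stages seen)
    for pid, api, args in trace:
        if api in CREATE_APIS and args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            stages[args["child_pid"]] = (pid, ["create_suspended"])
            continue
        stage = STAGE_OF.get(api)
        target = args.get("target_pid")
        if stage and target in stages and stages[target][0] == pid:
            stages[target][1].append(stage)

    verdicts = {}
    for child, (parent, seen) in stages.items():
        hollowed = False
        if REQUIRED.issubset(seen):
            # The order matters: the image is written, then the thread context
            # is redirected into it, and only then is the thread resumed.
            last_resume = len(seen) - 1 - seen[::-1].index("resume")
            order = [seen.index("write"), seen.index("set_context"), last_resume]
            hollowed = order == sorted(order)
        verdicts[child] = {
            "parent": parent,
            "stages": seen,
            "verdict": "process hollowing" if hollowed else "no injection pattern",
        }
    return verdicts


if __name__ == "__main__":
    for child, info in detect_hollowing(TRACE).items():
        print(child, info["verdict"], "<-", info["parent"], info["stages"])
```

The unmap stage is recorded but not required: some injectors skip NtUnmapViewOfSection and simply allocate a new region and point the thread's entry point at it, and the write-then-SetThreadContext-then-resume chain is what distinguishes hollowing from a launcher that merely pauses a child it created.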