General
Target: ebe07312b9bea5733cf5e1dc3259e803364d9646cc0d02c2c6b97b60e69aa7af
Size: 490KB
Sample: 220521-n5by9ahgem
MD5: 537d32d9d423cab82a8ef3cd97dde372
SHA1: 88ce596aef45a4dc12834abfedf989775d0e7bf4
SHA256: ebe07312b9bea5733cf5e1dc3259e803364d9646cc0d02c2c6b97b60e69aa7af
SHA512: 6ff7dedba0a12e6fa63ed42291ceedc26a62f4c251f1fb6ee2c9cde0040050614150c18ab6ac0b79801a7854709be66027b4893254ac0568eca17dfb58ffae81
Static task: static1
Behavioral task: behavioral1
  Sample: paalala 06-10-2020.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: paalala 06-10-2020.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted (agenttesla)
  Protocol: ftp
  Host: ftp://ftp.tde.ro/
  Port: 21
  Username: [email protected]
  Password: playboy123
Extracted
  Protocol: ftp
  Host: ftp.tde.ro
  Port: 21
  Username: [email protected]
  Password: playboy123
Targets
Target: paalala 06-10-2020.exe
Size: 549KB
MD5: 378d98fa8a84c02a913c9015487400cc
SHA1: d564b54a48c63e9852e3125a8a4ac5146f660607
SHA256: c294055fc17f972d5bd6ca0dce65c44b4233b4fdce6b06d61fac422fc3882f1b
SHA512: 408d12c48b412fab3fe880c1c3dbba368fe0f888ff6710458fa7e0f62e80feda58515c8a1c49d9b714913461725165297e3680c7d21be3ea369f0e14a0baa0dd
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely used as a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext