General
-
Target
d529d651b788dbe02b3b3b950fe52786e4976e6f63c5e7ba7029e29f8cbd9066
-
Size
509KB
-
Sample
220521-n869kaaaej
-
MD5
fb8eade80c7ef8e9477c86e39a98f421
-
SHA1
e748dd5b7ce2b090c91217c432be8693e8ff931c
-
SHA256
d529d651b788dbe02b3b3b950fe52786e4976e6f63c5e7ba7029e29f8cbd9066
-
SHA512
4421ccb2341e117248b86e334b01c1fc2132df855ef33768a6760e5131c507d01ed07e71e1277598b69703cad057ec46742cb7e0144a07a53645957c2a51f319
Static task
static1
Behavioral task
behavioral1
Sample
PO#0010710619_&_.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PO#0010710619_&_.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
john5on.muller@yandex.com - Password:
41k2c4yfVG
Targets
-
-
Target
PO#0010710619_&_.exe
-
Size
547KB
-
MD5
abf87baf38d5003e0e69b83289444917
-
SHA1
5ef6045701689fd8852e3eae580261fcd81e1d5d
-
SHA256
ae402313cc96abc092b41ad2fe8f3b8dd5fdc9c75141dcec97619e8e90a43867
-
SHA512
1ccdff2c0da62054c4b4be602b377f3d8822d6901b763f2ff17a8979253557221efe365e2afb89a9ff2f107f16ceff68a25050a62f45f4a55de0a7a2bdc82d26
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-