General

Target: 30fe459f5e08e16ce1b4767bc7080f614fb68b07996eabdc342f2ad2e29e69d1
Size: 327KB
Sample: 220521-n93b1aaahl
MD5: 737577ba0c05ab3b290f1fa45a174371
SHA1: 1be96f777117fae958240b7a69471fb4b8292e30
SHA256: 30fe459f5e08e16ce1b4767bc7080f614fb68b07996eabdc342f2ad2e29e69d1
SHA512: ab9a7f2066203cce8bbf17ee7e9cc6bc1e982ff4a3630b5ca3eb774eaba747fff41171f1748d1f7610292957db05146640e4bcc23e70531d29a55799973c1bd3

The hashes above identify the object as submitted (327KB). The 380KB executable anoop-image.exe that the behavioral tasks ran is a different file, listed under Targets with its own hashes; when hunting, use both sets.
Static task: static1
Behavioral task: behavioral1 - Sample: anoop-image.exe - Resource: win7-20220414-en
Behavioral task: behavioral2 - Sample: anoop-image.exe - Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.bnb-spa.com
Port: 587
Username: inform@bnb-spa.com
Password: }iPxp@l#21aE

AgentTesla uses this account to mail harvested credentials and keystrokes to the operator over SMTP submission (port 587); the host, port and username are the network indicators to hunt for.
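The extracted configuration is the actionable part of this report. The following is an added example (not code from the sandbox or the report) that parses the config text in the dash-joined form the report prints it and matches the derived indicators against flow and DNS records. The config values are the report's; the flow and DNS records are constructed for the demonstration.

```python
"""Turn the extracted AgentTesla SMTP config into network indicators and
match them against flow and DNS records.

Added example, not part of the sandbox report. EXTRACTED_CONFIG is the
report's extracted configuration in its dash-joined form; SAMPLE_FLOWS and
SAMPLE_DNS are constructed for the demonstration, not taken from the run.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

EXTRACTED_CONFIG = (
    "Protocol: smtp - Host: smtp.bnb-spa.com - Port: 587"
    " - Username: inform@bnb-spa.com - Password: }iPxp@l#21aE"
)

# Split only on a dash that introduces the next "Key:" field, so the dashes
# inside hostnames (bnb-spa.com) and inside the password are not touched.
_FIELD_SPLIT = re.compile(r"\s*-\s*(?=[A-Z][a-z]+:\s)")


def parse_agenttesla_config(text: str) -> dict:
    """Parse 'Protocol: smtp - Host: ... - Password: ...' into a dict."""
    cfg = {}
    for chunk in _FIELD_SPLIT.split(text.strip()):
        key, _, value = chunk.partition(":")
        cfg[key.strip().lower()] = value.strip()
    cfg["port"] = int(cfg["port"])
    return cfg


def indicators(cfg: dict) -> dict:
    """Network-observable indicators derived from the config (the password
    is deliberately left out: it is evidence, not something to match on)."""
    return {
        "c2_host": cfg["host"].lower(),
        "c2_port": cfg["port"],
        "smtp_user": cfg["username"].lower(),
        "domain": cfg["host"].lower().split(".", 1)[1],
    }


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str  # resolved destination hostname
    dport: int


def match_flows(cfg: dict, flows: list[Flow]) -> list[Flow]:
    """Flag connections to the exfiltration host, and SMTP-submission
    connections to any other host in the same domain (the operator only
    needs a working submission endpoint, not that exact hostname)."""
    ioc = indicators(cfg)
    hits = []
    for f in flows:
        dst = f.dst.lower()
        if dst == ioc["c2_host"]:
            hits.append(f)
        elif f.dport == ioc["c2_port"] and dst.endswith("." + ioc["domain"]):
            hits.append(f)
    return hits


def match_dns(cfg: dict, queries: list[str]) -> list[str]:
    """Flag lookups of the exfiltration host or its parent domain."""
    ioc = indicators(cfg)
    return [
        q for q in queries
        if q.lower() in (ioc["c2_host"], ioc["domain"])
        or q.lower().endswith("." + ioc["domain"])
    ]


SAMPLE_FLOWS = [  # constructed
    Flow("10.0.0.12", "smtp.office365.com", 587),
    Flow("10.0.0.12", "smtp.bnb-spa.com", 587),
    Flow("10.0.0.12", "mail.bnb-spa.com", 587),
    Flow("10.0.0.12", "www.bnb-spa.com", 443),
]
SAMPLE_DNS = ["login.microsoftonline.com", "SMTP.BNB-SPA.COM", "bnb-spa.com"]  # constructed

if __name__ == "__main__":
    cfg = parse_agenttesla_config(EXTRACTED_CONFIG)
    print("indicators:", indicators(cfg))
    for f in match_flows(cfg, SAMPLE_FLOWS):
        print("flow hit:", f)
    for q in match_dns(cfg, SAMPLE_DNS):
        print("dns hit:", q)
```

The same-domain rule on port 587 is a deliberate widening: the mailbox, not the hostname, is what the operator depends on. If bnb-spa.com turns out to be a legitimate business partner of the environment you are hunting in, narrow it back to the exact host.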
Targets

Target: anoop-image.exe
Size: 380KB
MD5: c6a87ef3094310256f6bd31b4042f0d2
SHA1: 66788fdc33456b12d4c143ae3ba7cd177871b2a3
SHA256: 9c96c661ea6c6727f05c88372021bb8abad1fc17cb3e0253eed15d1cd15c1b67
SHA512: 0411e1f5ff3411c0cf31011f7ad4b0a133afafdb6dd37bd25948e22b10134d368a47dea6c79eea929dc9232a8e9d8afa602e286d480849ff84c75123d379e28c

- AgentTesla: Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in VB.NET.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence that decides whether the payload runs in the victim's country.
- Accesses Microsoft Outlook profiles: reads stored mail-account settings, a usual source of the credentials the stealer exfiltrates.
- Adds Run key to start application: persistence through a CurrentVersion\Run registry value.
- Suspicious use of SetThreadContext: commonly used to start an injected payload inside a suspended process (process hollowing).
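The "Adds Run key to start application" and "Checks computer location settings" items above say what the sample touched but not how to check a host for the same thing. The following is an added example (not code from the sandbox or the report) that classifies Run-key entries by what they launch and, on Windows, enumerates the live Run keys and reads the per-user location value. It is more general than this one sample: any Run entry pointing into a user-writable path or a script interpreter is flagged. SAMPLE_ENTRIES are constructed, the RUN_KEYS list and the `Control Panel\International\Geo\Nation` key are the editor's assumptions about what the signatures refer to, and the winreg-based functions only run on Windows.

```python
"""Audit Windows autostart Run keys for entries like the one this sample adds.

Added example, not part of the sandbox report. SAMPLE_ENTRIES are
constructed. scan_live_run_keys() and read_geo_nation() need Windows
(winreg); the Geo\\Nation key is the editor's assumption about what
"Checks computer location settings" reads.
"""
from __future__ import annotations

import re
import sys

RUN_KEYS = [  # assumed set of autostart keys to audit
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
]

_EXEC_EXT = re.compile(r"\.(?:exe|com|bat|cmd|scr|pif|vbs|js|ps1|dll)$", re.I)
_USER_WRITABLE = re.compile(
    r"^(?:%(?:appdata|localappdata|temp|tmp|userprofile)%"
    r"|[a-z]:\\users\\[^\\]+\\(?:appdata|downloads|desktop|documents)"
    r"|[a-z]:\\windows\\temp"
    r"|[a-z]:\\programdata)",
    re.I,
)
_INTERPRETER = re.compile(
    r"^(?:.*\\)?(powershell|pwsh|cmd|wscript|cscript|mshta|rundll32|regsvr32)(?:\.exe)?$",
    re.I,
)


def image_path(command: str) -> str:
    """Recover the launched image from a Run value's command line."""
    command = command.strip()
    if command.startswith('"'):  # quoted path: up to the closing quote
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    tokens = command.split()
    # Unquoted path that may contain spaces: grow the prefix until it ends
    # in an executable extension; stop early once the next token is an argument.
    for i in range(1, len(tokens) + 1):
        candidate = " ".join(tokens[:i])
        if _EXEC_EXT.search(candidate):
            return candidate
        if i < len(tokens) and tokens[i][:1] in "-/":
            break
    return tokens[0]


def classify_run_entry(name: str, command: str) -> dict:
    """Explain why a Run entry deserves a look (no reasons == benign-looking)."""
    image = image_path(command)
    reasons = []
    if _USER_WRITABLE.match(image):
        reasons.append("image lives in a user-writable location")
    if re.search(r"\\(?:temp|tmp)\\", image, re.I):
        reasons.append("image runs from a temp directory")
    m = _INTERPRETER.match(image)
    if m:
        reasons.append(f"launched via {m.group(1).lower()}")
    return {"name": name, "command": command, "image": image,
            "suspicious": bool(reasons), "reasons": reasons}


def audit(entries: list[tuple[str, str]]) -> list[dict]:
    """Return only the (name, command) entries with at least one reason."""
    return [e for e in (classify_run_entry(n, c) for n, c in entries) if e["suspicious"]]


def scan_live_run_keys() -> list[dict]:
    """Enumerate and classify the Run keys of this host (Windows only)."""
    import winreg  # standard library, Windows only
    roots = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    found = []
    for hive, sub in RUN_KEYS:
        try:
            key = winreg.OpenKey(roots[hive], sub)
        except OSError:
            continue
        with key:
            for i in range(winreg.QueryInfoKey(key)[1]):
                name, data, _ = winreg.EnumValue(key, i)
                entry = classify_run_entry(name, str(data))
                entry["key"] = hive + "\\" + sub
                found.append(entry)
    return found


def read_geo_nation() -> str | None:
    """Per-user GeoID the geofence check is assumed to consult (Windows only)."""
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, r"Control Panel\International\Geo") as k:
            return str(winreg.QueryValueEx(k, "Nation")[0])
    except OSError:
        return None


SAMPLE_ENTRIES = [  # constructed, not from the sandbox run
    ("OneDrive", r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'),
    ("SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
    ("Updater", r'"C:\Users\bob\AppData\Roaming\Updater\Updater.exe"'),
    ("svc", r"%APPDATA%\svc\svc.exe"),
    ("helper", r"powershell -w hidden -ep bypass -f C:\Users\bob\AppData\Local\Temp\h.ps1"),
]

if __name__ == "__main__":
    if sys.platform == "win32":
        flagged = [e for e in scan_live_run_keys() if e["suspicious"]]
        print("GeoID (Geo\\Nation):", read_geo_nation())
    else:
        flagged = audit(SAMPLE_ENTRIES)
    for e in flagged:
        print(f"{e['name']}: {e['image']} -> {', '.join(e['reasons'])}")
```

Treat a flagged entry as a lead, not a verdict: hash the image it points at and compare against the Targets hashes above, and check whether the file is signed. Legitimate software does occasionally autostart from %APPDATA%, so the location rule alone will produce some noise.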