General
- Target: 3a1869a3ad86bca973acdc80ccc9ae81735117dc0a29a584d5d1db0f8c09a1b0
- Size: 521KB
- Sample: 220521-n9lz1saafr
- MD5: 38d9cabb0f2627a11f2c053ff000f95f
- SHA1: b67620f81796a566146b35ba9ad9bcb8979a77b2
- SHA256: 3a1869a3ad86bca973acdc80ccc9ae81735117dc0a29a584d5d1db0f8c09a1b0
- SHA512: aaf52950080d60b8a1edbc6928c501c8c112ab8268da1fc41cc5af051fa00d6b0ad23aeeb14af2e5cf50bcc46577b47a06108ea41905e30be92f7458e9494e96
Static task
- static1
Behavioral task
- behavioral1
- Sample: The details for your perusal.exe
- Resource: win7-20220414-en
Behavioral task
- behavioral2
- Sample: The details for your perusal.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- agenttesla
- Protocol: smtp
- Host: mail.emailsrvr.com
- Port: 587
- Username: sanits@er.org
- Password: 31081985@
Targets
- Target: The details for your perusal.exe
- Size: 558KB
- MD5: 35f7b91f31292e3c9a4d187e9a4bd4b6
- SHA1: 00cf753c6fc011df51acf181cb6e79dc31f35171
- SHA256: 7d3068aff051388b3332905ca9a26a10a1cd96441e3be9d908cd839088cc9d65
- SHA512: 0b03a1f9efeb651a4f527d66d84572bad7fbb9a4379169910a2674fe54a2d1b19a36dc34cb54d71aa0c8a09b44035f6dd917041f17353e1d81dc31e62bc37bd9
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext