General
- Target: cfbe31fb23e2883dfe7e375b40c17c8d666e44f3d814b44f504792000c2b54d7
- Size: 399KB
- Sample: 220521-nbe4taddc9
- MD5: 22d2033c9b8a7a30cbdf8f8e6ee60b8a
- SHA1: 42c3ba5c623f8687d0e902b76d8f06062bd8f80d
- SHA256: cfbe31fb23e2883dfe7e375b40c17c8d666e44f3d814b44f504792000c2b54d7
- SHA512: b63e05aa1f39ba08e0cdc418025bb657761956e356932e2f8c114be7d13abc41ce96de9c5311ca36306f1aefd423c26bb017431f8a7f3be33cd668c606e32e38
Static task: static1
Behavioral task: behavioral1
- Sample: c635h0xsMSHcfHh.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: c635h0xsMSHcfHh.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: accounts@emiraticoffee.cf
- Password: kelechi12
Targets
- Target: c635h0xsMSHcfHh.exe
- Size: 484KB
- MD5: 52115771fbb6cf6c19efa25341659cc9
- SHA1: c8467e8567e39b6ba7b854ba616fb2d6b1ae6dcf
- SHA256: 56d3195601565b122137b9d48f27db87d1cc83da7f5aca7720d128cf2044cefc
- SHA512: fa38ef613adc5a4344ba469daeef3336629465def1eb24dc71cf3d45d90181d096c49c2581ecf1dc5e002b06658e8bfab4f4c1c57d1b9fda1971fc22c607ec00
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext