General
-
Target
5d813767b6866940a44739d59a658f3dfcc9c316078af93567cf7ef5b85e0b3c
-
Size
424KB
-
Sample
220521-nbyk6adde9
-
MD5
705b8483fd603fed14cf09def577afe9
-
SHA1
f8ab3dd9f8daf90653b1616f093b1275e3616872
-
SHA256
5d813767b6866940a44739d59a658f3dfcc9c316078af93567cf7ef5b85e0b3c
-
SHA512
0c6c806a02eb1a58fc686619d18e3d781f96d815f06bfbfaab3f6bafdb5b04b211edd5261659ad261a1123a253e52b30059dc6660ae805426787790a87944ad9
Static task
static1
Behavioral task
behavioral1
Sample
verified payment.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
verified payment.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
-
Protocol
smtp
-
Host
smtp.bnb-spa.com
-
Port
587
-
Username
ambibros@bnb-spa.com
-
Password
tPo!47:glt$E
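The extracted configuration above is the sample's exfiltration channel: stolen data is mailed out over SMTP on port 587 using the listed mailbox credentials. The following is an added example, not part of the sandbox report or of the malware, showing how an analyst would turn that config block into network indicators and run them over egress logs. The log lines are constructed for the example and use a simple key=value format of my own; the only real data in the block is the config as printed on this page.

```python
from typing import Dict, List

# Extracted AgentTesla SMTP config exactly as shown on this report page,
# embedded so the example runs offline.
EXTRACTED_CONFIG = """\
Protocol: smtp
Host: smtp.bnb-spa.com
Port: 587
Username: ambibros@bnb-spa.com
Password: tPo!47:glt$E
"""

# Constructed egress / mail-gateway log lines (not from the report).
# One event per line, space-separated key=value pairs, no spaces in values.
SAMPLE_LOGS = [
    "ts=2022-05-21T10:01:07Z src=10.0.0.25 dst_host=smtp.bnb-spa.com dst_port=587 proto=tcp action=allow",
    "ts=2022-05-21T10:01:08Z src=10.0.0.25 dst_host=smtp.bnb-spa.com dst_port=587 smtp_auth_user=ambibros@bnb-spa.com smtp_auth=ok",
    "ts=2022-05-21T10:02:11Z src=10.0.0.31 dst_host=smtp.office365.com dst_port=587 proto=tcp action=allow",
    "ts=2022-05-21T10:03:40Z src=10.0.0.25 dst_host=smtp.bnb-spa.com dst_port=465 proto=tcp action=allow",
]


def parse_config(text: str) -> Dict[str, str]:
    """Parse the 'Key: value' lines of the extracted config into a dict.

    Split on the first ':' only: the password itself contains a ':'.
    Keys are lowercased, values are kept verbatim.
    """
    cfg: Dict[str, str] = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        cfg[key.strip().lower()] = value.strip()
    return cfg


def config_to_iocs(cfg: Dict[str, str]) -> Dict[str, object]:
    """Derive the network indicators worth hunting for from an SMTP exfil config.

    The password is deliberately not an indicator: it must never be used
    to log in, only reported to the mailbox owner / provider.
    """
    return {
        "dst_host": cfg["host"].lower(),
        "dst_port": int(cfg["port"]),
        "smtp_auth_user": cfg["username"].lower(),
    }


def parse_kv(line: str) -> Dict[str, str]:
    """Parse one constructed 'k=v k=v' log line into a dict."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def match_iocs(lines: List[str], iocs: Dict[str, object]) -> List[Dict[str, str]]:
    """Flag log lines that touch the exfil host or authenticate as the exfil user.

    A host match alone is enough to flag (the attacker could switch ports);
    a port match and an AUTH-user match are recorded as extra reasons.
    """
    hits = []
    for line in lines:
        ev = parse_kv(line)
        reasons = []
        if ev.get("dst_host", "").lower() == iocs["dst_host"]:
            reasons.append("host")
            if ev.get("dst_port") == str(iocs["dst_port"]):
                reasons.append("port")
        if ev.get("smtp_auth_user", "").lower() == iocs["smtp_auth_user"]:
            reasons.append("auth_user")
        if reasons:
            hits.append({"ts": ev.get("ts", ""), "src": ev.get("src", ""),
                         "reasons": ",".join(reasons)})
    return hits


def affected_sources(hits: List[Dict[str, str]]) -> List[str]:
    """Internal hosts that contacted the exfil infrastructure, for scoping."""
    return sorted({h["src"] for h in hits if h["src"]})


if __name__ == "__main__":
    iocs = config_to_iocs(parse_config(EXTRACTED_CONFIG))
    hits = match_iocs(SAMPLE_LOGS, iocs)
    for h in hits:
        print(h)
    print("affected sources:", affected_sources(hits))
```

In the constructed data the third line (a legitimate Office 365 SMTP session) is ignored, while the fourth line is still flagged on host alone even though it uses port 465 instead of the configured 587; pivoting on the destination host rather than the host:port pair is what catches that.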
Targets
-
-
Target
verified payment.exe
-
Size
509KB
-
MD5
6676febfeb6d3406db3ebc03ad4f130e
-
SHA1
5cf62bb0fe32f028f4beaa319ce3562c850a7c00
-
SHA256
a146c15fea12b7c11eb1152c698c223d52111a51fd2c6a834d6a36ab36e20c0c
-
SHA512
8d773f4aecba106514aa14798ac73d314f07e54967350e25ab3674cc0152f26665a901eab8a783a3088f12392bbf14b89a7b454675796127cec35907a0f0cbb5
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
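Three of the behavioural signatures above leave registry traces an analyst can hunt for on a host or in a sandbox trace: the country-code lookup (HKCU\Control Panel\International\Geo\Nation), the Outlook profile access (the Outlook\Profiles keys under HKCU\Software\Microsoft\Office, or the older Windows Messaging Subsystem\Profiles key), and the Run-key persistence (Software\Microsoft\Windows\CurrentVersion\Run). The SetThreadContext signature is an API-level observation and has no registry artifact, so it is outside this example. The following is an added example, not part of the report or of any sandbox vendor's tooling: it classifies Procmon-style registry events against those three locations. The CSV rows are constructed for the example (Procmon's default export columns, but made-up events); the mapping of paths to signatures is my own heuristic.

```python
import csv
import io
from typing import Dict, List, Optional

# Constructed Procmon-style CSV export (not from the report page). The header
# follows Procmon's default CSV columns; the rows are invented to mirror the
# report's behavioural signatures plus some benign noise.
SAMPLE_PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:05.1000000","verified payment.exe","3412","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"10:01:05.2000000","verified payment.exe","3412","RegOpenKey","HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook","SUCCESS","Desired Access: Read"
"10:01:06.0000000","verified payment.exe","3412","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\verified payment","SUCCESS","Type: REG_SZ, Length: 98, Data: C:\Users\user\AppData\Roaming\verified payment.exe"
"10:01:07.0000000","explorer.exe","1808","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2"
"10:01:08.0000000","OUTLOOK.EXE","5120","RegOpenKey","HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook","SUCCESS","Desired Access: Read"
'''

# Registry locations behind the report's signatures (lower-cased for matching).
GEO_NATION = "\\control panel\\international\\geo\\nation"
OUTLOOK_PROFILE_MARKERS = (
    "\\outlook\\profiles\\",                     # Outlook 2013+ under Software\Microsoft\Office\<ver>
    "\\windows messaging subsystem\\profiles\\", # older Outlook profile store
)
RUN_KEY_MARKER = "\\software\\microsoft\\windows\\currentversion\\run\\"

# Processes that are expected to read Outlook profile keys; anything else
# touching them is the "Accesses Microsoft Outlook profiles" behaviour.
OUTLOOK_PROFILE_ALLOWLIST = {"outlook.exe"}


def load_events(csv_text: str) -> List[Dict[str, str]]:
    """Parse a Procmon CSV export into a list of row dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def classify(ev: Dict[str, str]) -> Optional[str]:
    """Map one registry event to a signature name, or None if it is uninteresting."""
    op = ev["Operation"]
    path = ev["Path"].lower()
    proc = ev["Process Name"].lower()
    if op == "RegQueryValue" and path.endswith(GEO_NATION):
        return "geo_check"
    if any(m in path for m in OUTLOOK_PROFILE_MARKERS) and proc not in OUTLOOK_PROFILE_ALLOWLIST:
        return "outlook_profiles"
    if op == "RegSetValue" and RUN_KEY_MARKER in path:
        return "run_key_persistence"
    return None


def hunt(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return one finding per event that matches a signature."""
    findings = []
    for ev in events:
        sig = classify(ev)
        if sig:
            findings.append({"signature": sig, "process": ev["Process Name"],
                             "pid": ev["PID"], "path": ev["Path"]})
    return findings


def suspicious_processes(findings: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group signatures by 'process (pid)' so a process hitting several stands out."""
    grouped: Dict[str, set] = {}
    for f in findings:
        grouped.setdefault(f"{f['process']} ({f['pid']})", set()).add(f["signature"])
    return {k: sorted(v) for k, v in grouped.items()}


if __name__ == "__main__":
    found = hunt(load_events(SAMPLE_PROCMON_CSV))
    for f in found:
        print(f)
    print(suspicious_processes(found))
```

The allowlist is the edge case worth noting: Outlook itself opens its profile keys constantly, so matching the path alone produces noise; the signal is a process other than OUTLOOK.EXE reading them. A single process that trips all three signatures, as the constructed sample does, is a much stronger triage lead than any one of them alone.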