General
-
Target
3087e8c2e22503d11763706f52ef0b9e02bfe90ea8bd5df0583ba4408f68370c
-
Size
582KB
-
Sample
220521-ncppmsddh9
-
MD5
3cc184d438a14cbe0b9d8ff7f065aec8
-
SHA1
27a0ca12ce550ff0e1347441b895c36420de5c62
-
SHA256
3087e8c2e22503d11763706f52ef0b9e02bfe90ea8bd5df0583ba4408f68370c
-
SHA512
c7acd29f5ad9e2ec0130f188ce33700f834c18ec93537d54f7ef148a851d19496f0f506f013cf9edbd6cc6e98ef524268b9542ca027f464d5e1861954360c148
Static task
static1
Behavioral task
behavioral1
Sample
3087e8c2e22503d11763706f52ef0b9e02bfe90ea8bd5df0583ba4408f68370c.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
3087e8c2e22503d11763706f52ef0b9e02bfe90ea8bd5df0583ba4408f68370c.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Family
agenttesla
Protocol
smtp
Host
smtp.gmail.com
Port
587
Username
blessed.g231@gmail.com
Password
cgdxtmmgaozhqjar
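The extracted config is a plaintext SMTP mailbox credential, which is what the sample presents to the server during SMTP AUTH. The following added example (not part of this sandbox report) shows how an analyst would recover those credentials from a captured exfiltration session and confirm they match the extracted config. The session transcripts are constructed, the function and constant names are the example's own, and the only report data used are the host, port, username and password above. Credentials are recoverable only when the capture is in the clear (no STARTTLS, or a TLS-intercepting proxy); a session that issues STARTTLS before AUTH is reported as not recoverable.

```python
"""Recover SMTP AUTH credentials from a captured exfiltration session and
check them against the config the sandbox extracted.

Added example, not part of the sandbox report. Transcripts are constructed
("C:" = client/malware, "S:" = server); CONFIG holds the values from the
report's extracted config.
"""
import base64

# Extracted config values from the report.
CONFIG = {
    "protocol": "smtp",
    "host": "smtp.gmail.com",
    "port": 587,
    "username": "blessed.g231@gmail.com",
    "password": "cgdxtmmgaozhqjar",
}


def _b64(text: str) -> str:
    return base64.b64encode(text.encode()).decode()


# Constructed: AUTH LOGIN exchange as a .NET SmtpClient-style stealer produces it.
SESSION_LOGIN = [
    "S: 220 smtp.gmail.com ESMTP",
    "C: EHLO DESKTOP-VICTIM",
    "S: 250-smtp.gmail.com at your service",
    "S: 250 AUTH LOGIN PLAIN",
    "C: AUTH LOGIN",
    "S: 334 VXNlcm5hbWU6",                  # base64("Username:")
    "C: " + _b64(CONFIG["username"]),
    "S: 334 UGFzc3dvcmQ6",                  # base64("Password:")
    "C: " + _b64(CONFIG["password"]),
    "S: 235 2.7.0 Accepted",
    "C: MAIL FROM:<" + CONFIG["username"] + ">",
]

# Constructed: same credentials sent as one AUTH PLAIN initial response.
SESSION_PLAIN = [
    "C: EHLO DESKTOP-VICTIM",
    "C: AUTH PLAIN " + _b64("\0" + CONFIG["username"] + "\0" + CONFIG["password"]),
    "S: 235 2.7.0 Accepted",
]

# Constructed: STARTTLS negotiated first, so AUTH travels encrypted.
SESSION_TLS = [
    "C: EHLO DESKTOP-VICTIM",
    "C: STARTTLS",
    "S: 220 2.0.0 Ready to start TLS",
]


def parse_smtp_auth(lines):
    """Return {"mechanism", "username", "password"} or None if not recoverable.

    AUTH LOGIN: username and password arrive as separate base64 lines after
    the server's 334 prompts (or the username inline as an initial response).
    AUTH PLAIN: one base64 blob of authzid NUL authcid NUL password.
    """
    client = [line[2:].strip() for line in lines if line.startswith("C:")]
    for i, cmd in enumerate(client):
        words = cmd.split()
        if not words:
            continue
        verb = words[0].upper()
        if verb == "STARTTLS":
            return None                     # everything after this is inside TLS
        if verb != "AUTH" or len(words) < 2:
            continue
        mech = words[1].upper()
        if mech == "PLAIN":
            blob = words[2] if len(words) > 2 else client[i + 1]
            fields = base64.b64decode(blob).split(b"\x00")
            return {"mechanism": "PLAIN",
                    "username": fields[-2].decode(),
                    "password": fields[-1].decode()}
        if mech == "LOGIN":
            if len(words) > 2:              # initial-response form
                user = base64.b64decode(words[2]).decode()
                pw = base64.b64decode(client[i + 1]).decode()
            else:
                user = base64.b64decode(client[i + 1]).decode()
                pw = base64.b64decode(client[i + 2]).decode()
            return {"mechanism": "LOGIN", "username": user, "password": pw}
    return None


def matches_config(creds, config=CONFIG):
    """True when the credentials seen on the wire equal the extracted config."""
    return (creds is not None
            and creds["username"] == config["username"]
            and creds["password"] == config["password"])


if __name__ == "__main__":
    for name, session in (("LOGIN", SESSION_LOGIN), ("PLAIN", SESSION_PLAIN), ("TLS", SESSION_TLS)):
        creds = parse_smtp_auth(session)
        print(name, creds, "matches config:", matches_config(creds))
```

A match between the wire credentials and the extracted config confirms the sandbox's extraction against real traffic; the TLS case is the common one on port 587, which is why the extracted config, not the pcap, is usually the only place the mailbox credential is visible.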
Targets
-
-
Target
3087e8c2e22503d11763706f52ef0b9e02bfe90ea8bd5df0583ba4408f68370c
-
AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT), originally written in Visual Basic .NET. It harvests saved credentials from browsers, mail clients and other applications and exfiltrates them over SMTP, FTP or HTTP; the config extracted above shows this sample using SMTP.
-
AgentTesla Payload
-
Checks computer location settings
Reads the country code configured in the registry (Windows keeps it as the Nation value under Control Panel\International\Geo in the user hive), most likely a geofence that suppresses execution in particular regions.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application (persistence across user logon)
-
Suspicious use of SetThreadContext (typical of process hollowing: a process is created suspended, its image replaced in memory, and the main thread's context rewritten to the new entry point before it resumes)
-
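Two of the signatures above, Run-key persistence and the SMTP exfiltration channel, map directly onto host telemetry. The following added example (not part of this sandbox report) runs that detection logic over constructed Sysmon-style events: Event ID 13 (registry value set) for the Run key and Event ID 3 (network connection) for SMTP from a process that is not a mail client. The event records, file paths and the mail-client allow-list are constructed assumptions; the host and port come from the extracted config. Because smtp.gmail.com is a legitimate service, the destination alone is not an indicator: the signal is which process opens the connection.

```python
"""Detection logic for Run-key persistence and SMTP from a non-mail process
over constructed Sysmon-style events. Added example, not part of the sandbox
report; events, paths and the allow-list are constructed assumptions.
"""
import re

EXFIL_HOST, EXFIL_PORT = "smtp.gmail.com", 587          # from the extracted config
SMTP_PORTS = {25, 465, 587}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}       # assumed allow-list

# Run and RunOnce keys under either the machine or a user hive.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

# Constructed events, keyed like Sysmon fields.
EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate",
     "Details": r"C:\Users\victim\AppData\Roaming\WinUpdate\WinUpdate.exe"},
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Local\Temp\sample.exe",
     "DestinationHostname": "smtp.gmail.com", "DestinationPort": 587},
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.gmail.com", "DestinationPort": 587},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App\DisplayName",
     "Details": "App"},
]


def image_name(path: str) -> str:
    """Lower-cased file name of a Sysmon Image path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return (rule, process, detail) tuples for events matching either rule."""
    alerts = []
    for ev in events:
        proc = image_name(ev["Image"])
        if ev["EventID"] == 13 and RUN_KEY_RE.search(ev["TargetObject"]):
            # Value written under Run/RunOnce: what will be launched at next logon.
            alerts.append(("run_key_persistence", proc, ev["Details"]))
        elif ev["EventID"] == 3 and ev["DestinationPort"] in SMTP_PORTS and proc not in MAIL_CLIENTS:
            dest = f"{ev['DestinationHostname'].lower()}:{ev['DestinationPort']}"
            # Same host/port as the extracted config gets a more specific rule name.
            rule = ("smtp_from_non_mail_client_to_config_host"
                    if dest == f"{EXFIL_HOST}:{EXFIL_PORT}" else "smtp_from_non_mail_client")
            alerts.append((rule, proc, dest))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(*alert)
```

The Outlook connection to the same server is deliberately left unalerted and the non-Run registry write is ignored, so the two alerts that remain are exactly the behaviours the report attributes to the sample; the geofence registry read and the SetThreadContext call are not visible in Sysmon and need API-level monitoring instead.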