General
Target: afe952920d9aa2aa21f0d361b42a6ed91ecf28128d040f5c8dfa3e0e833a6e06
Size: 527KB
Sample: 220521-ncvwnagehn
MD5: 71745d26a170b2951bc7185b6024949b
SHA1: 4fb951e731afe74e8dfe97027b34559f1d80883a
SHA256: afe952920d9aa2aa21f0d361b42a6ed91ecf28128d040f5c8dfa3e0e833a6e06
SHA512: d6ddcaafabe9b8790c17d08ec97a250dfb8eeb08e1cba282055d6ecdfedcb94714c41829433ac035ae31db54b2a9ccc6c606de4f650268716c66e20a565ceb06
Static task: static1
Behavioral task: behavioral1
  Sample: Purchase Inquiry Datasheet Of Listed Items.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Purchase Inquiry Datasheet Of Listed Items.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: server122.web-hosting.com
  Port: 587
  Username: [email protected]
  Password: OJZg,yx3yFHQ
Targets
Target: Purchase Inquiry Datasheet Of Listed Items.exe
Size: 751KB
MD5: 98946b57d66c04e46436391548532eb5
SHA1: 1714075095b72a5d65299c2ffdf50fce6373f0b1
SHA256: c1f797506aa00305f7d7df4ef9933904a58c03c7da3f5a20f9087279ea71a1d6
SHA512: eab717b0e5ae002e3291f30fd10af7b09d259ef1bc74a688d7f88ff6d2463a89998ddef5855830187e8a9e6055bcc7a5f2933f86ba6811f61ed3142595a02869
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext