General

Target: b695c89087761268ad9218c9c0096d2fa4cb98bfe5f21fb7b39f7578ace46dd7
Size: 469KB
Sample: 220521-nd9q7sdef6
MD5: 9a1d6dcded8155952dcc6d0e6d929879
SHA1: 839cfefc787d7ca06dac5086b7f0a4f1aedd3d75
SHA256: b695c89087761268ad9218c9c0096d2fa4cb98bfe5f21fb7b39f7578ace46dd7
SHA512: 3e0f845ae103969423fdb94a565f68df4e7259070393a14e1bbad2088fa241aad4abe0ac6c665eff8f07fa24e465be54b44a8e85a6d943bb3f95490de86abedf

Static task: static1

Behavioral task: behavioral1
Sample: SAMPLE 1-8.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: SAMPLE 1-8.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.bnb-spa.com
Port: 587
Username: inform@bnb-spa.com
Password: }iPxp@l#21aE

The extracted block is the exfiltration channel, not a C2: Agent Tesla mails harvested credentials, keystrokes and screenshots to an attacker-controlled mailbox, authenticating to the SMTP server above with the listed account. The host, port and username are the durable indicators; the mailbox password is useful mainly for notifying the abused provider.
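As an added example (not code from the report or the sandbox), the Python below turns the extracted SMTP config into two hunts a responder would run: one over connection logs, matching the TLS server name and then pivoting on every IP seen with that name so that plain-SMTP sessions without SNI are caught too, and one over an SMTP command transcript, decoding AUTH LOGIN base64 tokens to spot the configured username. Both log formats, the 10.0.0.x clients and the 198.51.100.x / 203.0.113.x servers are constructed for the example.

```python
import base64
import re

# Indicators taken from the extracted Agent Tesla config in the report above.
# The mailbox password is deliberately not used: host, port and user are enough to hunt.
EXFIL_HOST = "smtp.bnb-spa.com"
EXFIL_PORT = 587
EXFIL_USER = "inform@bnb-spa.com"

# Constructed connection log (not from the report). One record per line:
#   <ts> <src>:<sport> -> <dst>:<dport> <proto> [sni=<server name>]
# 203.0.113.7 stands in for whatever the exfil host resolved to at the time.
SAMPLE_CONN_LOG = """\
2022-05-21T10:01:02Z 10.0.0.15:49213 -> 198.51.100.20:443 tcp sni=www.example.com
2022-05-21T10:01:09Z 10.0.0.15:49220 -> 203.0.113.7:587 tcp sni=smtp.bnb-spa.com
2022-05-21T10:02:11Z 10.0.0.22:50101 -> 203.0.113.7:587 tcp
2022-05-21T10:03:30Z 10.0.0.15:49231 -> 203.0.113.8:25 tcp sni=mail.example.org
"""

# Constructed SMTP transcript as a mail proxy might log client commands (not from
# the report). AUTH LOGIN sends username and password as separate base64 tokens.
SAMPLE_SMTP_LOG = """\
10.0.0.15 C: EHLO DESKTOP-1
10.0.0.15 C: AUTH LOGIN
10.0.0.15 C: aW5mb3JtQGJuYi1zcGEuY29t
10.0.0.15 C: MAIL FROM:<inform@bnb-spa.com>
10.0.0.31 C: AUTH LOGIN
10.0.0.31 C: dXNlckBleGFtcGxlLm9yZw==
"""

CONN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+):(?P<sport>\d+) -> (?P<dst>\S+):(?P<dport>\d+) "
    r"(?P<proto>\w+)(?: sni=(?P<sni>\S+))?$"
)
SMTP_RE = re.compile(r"^(?P<src>\S+) C: (?P<payload>.*)$")
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def parse_conn_line(line):
    """Parse one connection record into a dict, or None if it does not match."""
    m = CONN_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def find_exfil_connections(log_text):
    """Return (ts, src, dst) for sessions to the configured SMTP exfil server.

    Matches the TLS SNI first, then pivots on every IP that was ever seen with
    that SNI, so sessions carrying no SNI (plain SMTP before STARTTLS) are
    caught as well.
    """
    records = [r for r in map(parse_conn_line, log_text.splitlines()) if r]
    exfil_ips = {r["dst"] for r in records if r["sni"] == EXFIL_HOST}
    hits = []
    for r in records:
        if r["dport"] != EXFIL_PORT:
            continue
        if r["sni"] == EXFIL_HOST or r["dst"] in exfil_ips:
            hits.append((r["ts"], r["src"], r["dst"]))
    return hits


def find_smtp_auth_hosts(log_text):
    """Return sorted client IPs that authenticate as, or send from, EXFIL_USER.

    The username shows up either in clear (MAIL FROM) or as the base64 token
    that follows AUTH LOGIN, so every base64-looking token is decoded and compared.
    """
    hosts = set()
    for line in log_text.splitlines():
        m = SMTP_RE.match(line.strip())
        if not m:
            continue
        src, payload = m.group("src"), m.group("payload").strip()
        if EXFIL_USER in payload.lower():
            hosts.add(src)
            continue
        if B64_RE.match(payload) and len(payload) % 4 == 0:
            try:
                decoded = base64.b64decode(payload, validate=True).decode("utf-8")
            except (ValueError, UnicodeDecodeError):
                continue
            if decoded.lower() == EXFIL_USER:
                hosts.add(src)
    return sorted(hosts)


if __name__ == "__main__":
    for hit in find_exfil_connections(SAMPLE_CONN_LOG):
        print("exfil connection:", hit)
    for host in find_smtp_auth_hosts(SAMPLE_SMTP_LOG):
        print("host using", EXFIL_USER + ":", host)
```

The IP pivot matters in practice: Agent Tesla connects on 587 and upgrades with STARTTLS, so a connection log that records SNI only for sessions that began with a TLS ClientHello will miss most of its traffic unless you also key on the resolved address.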
Targets

Target: SAMPLE 1-8.exe
Size: 724KB
MD5: ca5fd2f3f61b748d5a8abcacd33ad943
SHA1: b224e29d3b8108c1451ed0e1e174ddfccc24b2a9
SHA256: 2732809a2266963b0b178d398dac1788c82495737bcad690e0a17d392d4c08a0
SHA512: 42481cf0c65f9e1f17de5afeef676ba9350c22db7b72b9c4bb0ff46edb0de3c7b35ae64becdb513fd120093803d46da3aa88b1998d061a45dc28b4fe91d0caeb
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests saved credentials from browsers and mail clients, logs keystrokes and clipboard contents, and exfiltrates the results over SMTP, FTP or HTTP.

AgentTesla Payload

Checks computer location settings: looks up the country code configured in the registry, likely a geofence that decides whether the payload runs.

Accesses Microsoft Outlook profiles: reads the mail client's profile data, consistent with credential harvesting.

Adds Run key to start application: persistence through a CurrentVersion\Run value so the binary is relaunched at logon.

Suspicious use of SetThreadContext: a thread context rewrite of the kind used to redirect execution into a hollowed or injected process, where the unpacked payload actually runs.
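The Run-key indicator above is the one a responder can verify on a suspected host without a sandbox. As an added example (not code from the report), the Python below parses a `reg export` of the user's Run key and flags values whose executable lives in a user-writable location, which is where a dropped stager almost always ends up. The .reg text, the user name `victim` and the two AppData paths are constructed for the example; the value `Notes` reuses the sample's file name only to make the hit recognisable.

```python
import re

# Constructed .reg export (not from the report), in the shape produced by
#   reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg
# The user name, value names and the two AppData paths are assumptions.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Updater"="\"C:\\Users\\victim\\AppData\\Roaming\\svchost\\svchost.exe\""
"Notes"="C:\\Users\\victim\\AppData\\Local\\Temp\\SAMPLE 1-8.exe"
'''

# Directory fragments an ordinary user can write to. A Run entry starting a binary
# from one of these deserves a look; Program Files needs admin rights to write.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# One REG_SZ value line: "name"="data", with backslash-escaped quotes and
# backslashes inside the quoted parts.
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')


def reg_unescape(text):
    # Undo .reg string escaping: backslash-quote -> quote, double backslash -> backslash.
    return re.sub(r"\\(.)", r"\1", text)


def parse_run_entries(reg_text):
    """Return {value name: command} for every value under a CurrentVersion Run key."""
    entries = {}
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = VALUE_RE.match(line)
        if m and key and key.endswith("\\currentversion\\run"):
            entries[reg_unescape(m.group("name"))] = reg_unescape(m.group("data"))
    return entries


def image_path(command):
    """Pull the executable path out of a Run command, whether quoted or bare."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Bare paths may contain spaces, so cut at the first .exe rather than the first space.
    m = re.match(r"(.*?\.exe)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]


def suspicious_run_entries(reg_text):
    """Return (value name, image path) for Run entries launched from user-writable dirs."""
    hits = []
    for name, command in parse_run_entries(reg_text).items():
        path = image_path(command)
        if any(marker in path.lower() for marker in USER_WRITABLE):
            hits.append((name, path))
    return hits


if __name__ == "__main__":
    for name, path in suspicious_run_entries(SAMPLE_REG):
        print(f"suspicious Run value {name!r} -> {path}")
```

Run the same parser over an export of the HKLM Run key and of RunOnce as well; the check is identical, only the key path differs. A clean result does not clear the host, since the SetThreadContext indicator means the live payload may be running inside a legitimate process with no Run entry of its own.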