General
Target: a939603d2e808fbf991af694ed0dde943ce64232b1d9a23ca695bda945c1e602
Size: 263KB
Sample: 220521-ndhmqadec7
MD5: 5c4cdfc29bd26d4b6b147ccdd5850b67
SHA1: 89a001add43c0f5a60739df56dfd48e6fb69c305
SHA256: a939603d2e808fbf991af694ed0dde943ce64232b1d9a23ca695bda945c1e602
SHA512: 2f555c55be36183b8711821b62e5bd1ebbe626f7b1b0ff887b464219b31090aa06c5d560569efa449f5499cd711c3f77e291ae5f489f37c1cbc6e75cc9e3264c
Static task: static1
Behavioral task: behavioral1
  Sample: Scan00908.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Scan00908.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.miomantenimiento.com
Port: 587
Username: [email protected]
Password: mariocastro
Targets
Target: Scan00908.exe
Size: 613KB
MD5: d5f5de6945365b8634d369175419904e
SHA1: fc4e930923f73e41859ad67aecb822fe50caea75
SHA256: 4bcc140ce0b15bd7798da9c59b52ee6eb79b3f60ffeba99e7c254885cb84d056
SHA512: a4f2a9f6fb3387cbce25f6bcda6458129109a6ddfc2f06e51a71b0d7f080598209b6a89b400d4c471b0d9feb972635c4b46bb9786264903348f38b22bedc734f
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext