General
-
Target
dcc41a696bd3a288bab35e1ee6448d6a9171514b2ad737257198a775a7b96dc6
-
Size
481KB
-
Sample
220521-ndxrmsgfdp
-
MD5
181bfc51a912a8ef756ebccc7a8523db
-
SHA1
4f78adce22400445e98db661b1efa22345206cfb
-
SHA256
dcc41a696bd3a288bab35e1ee6448d6a9171514b2ad737257198a775a7b96dc6
-
SHA512
248997c72bfa92548da06de5573da730b6a584f773e02da9b7cbca0b06ae0d65191616de73b0b69ca62cd0a9a5e0bd612099a9dab790db3fe0513bf4e3862c43
Static task
static1
Behavioral task
behavioral1
Sample
purchase Order NO.8909w4vvy..exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
purchase Order NO.8909w4vvy..exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.bnb-spa.com
Port: 587
Username: [email protected]
Password: tPo!47:glt$E
Targets
-
-
Target
purchase Order NO.8909w4vvy..exe
-
Size
583KB
-
MD5
b928fd1ba01bd33342b2462fb6e55947
-
SHA1
f5d165fcbf2075bedf5a3f0cad36781030d8dcc9
-
SHA256
4c09fce4576481f55dcd4cffbe780d90867da332a6d86666831496fa33e36b84
-
SHA512
346c7236c5ae67932261483708fed85031ee62c97cd35e7348fb875da794fe0d5d05eee8f979eece0e92578caab8b9cc8859398cfcbd7aca89bed9d361f1d44e
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-