General
Target: db93281bd4a945c68b3707453c26e03ac3af34ca86a3a0688f0976a87263d4ed
Size: 360KB
Sample: 220521-ndyc6sdee7
MD5: 94a42df32a1a00ab2357a7aa55462bba
SHA1: 11943602aeedf220f09568fe75fe27cd2280e244
SHA256: db93281bd4a945c68b3707453c26e03ac3af34ca86a3a0688f0976a87263d4ed
SHA512: 3efe1a1f0033f4bded6c2cdcc22f988b78f0dc46c5a786d6e9899c5d9e7300a12b84cad668224d15ac745c0a7ebea3f67b1d6c67f45efc51922b836bfa01eeee
Static task: static1
Behavioral task: behavioral1
Sample: Catalog.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Catalog.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: goksal.sir@prosoftelektrik.com
Password: Wm^kN*!7
Targets
Target: Catalog.exe
Size: 541KB
MD5: 55fc79622bdd31e94159800de07c6be8
SHA1: 552fbf2d941e428bcd168659ce661eac8bdd3c46
SHA256: be2fb2425ef52f34323ae8812ed5d855f7cc9a5e456fb2de82ec8b1164ee87e2
SHA512: 3ca0deb3c39252a058e433bad83b81f8e5175d4ecdcd895081b11113f5018955b5d1b46c29d8121e62408223904d193b1776ec876837bf41b3cbf34e624c3902
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext