General
Target: b38487fef8c960c6c8509c818c0ffa0d02bfa6a680e4ac6ce37f12bd92a91aa2
Size: 569KB
Sample: 220521-neay9sdef8
MD5: 5fce68cdeeadf54bce5500025fcc27b6
SHA1: d71235725efecf9bd4969669caf363af68f11639
SHA256: b38487fef8c960c6c8509c818c0ffa0d02bfa6a680e4ac6ce37f12bd92a91aa2
SHA512: 9d7404a3eba7aa274356a79df6580f9bb0d16565ddf77eebea999f496d302e6c727787f0e5f36e40a55267c69ab9d672f213109e3e59d0c365c8218a77f3d570
Static task: static1

Behavioral task: behavioral1
Sample: Ref PO-11059021022021.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Ref PO-11059021022021.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.a-k.co.ir
Port: 587
Username: info@a-k.co.ir
Password: 09133434194
Targets
Target: Ref PO-11059021022021.exe
Size: 766KB
MD5: 1fa49b774bfd6ba8ec8110dfe0c45869
SHA1: 473e799c2afb44aa3974cb5e53cf566d39853ca6
SHA256: 67d526d5e89374e02bc689f5330411add8de9f12aac2e936ca665c426a5c5bb3
SHA512: 6742e861e1dc147930fc6763ae3de0ab7af43b27698d56a92fbe35e51d1a5796580d1f21eff7820bbce8065d8bb94ebe718094c85bb4d0b32d6744b29bc59f5c
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext