General
-
Target
b0f89d59febc0907d2dadaaddc90f5a236cb1d876fdb7346139aa9d8ee3babc0
-
Size
788KB
-
Sample
220521-neb7bsgffj
-
MD5
9d95ccfbd0be1c57c5caf71563a906c6
-
SHA1
58cce964420c9002a4dc31b025ab042daffc2279
-
SHA256
b0f89d59febc0907d2dadaaddc90f5a236cb1d876fdb7346139aa9d8ee3babc0
-
SHA512
30fc3ecad27a58564171e59922047416e8fd3119412789ceeb8dc36f0089c2c93c0c2a6c88cd684d598b9c58e450596266fb4721d015a745383d993a80d28b6a
Static task
static1
Behavioral task
behavioral1
Sample
b0f89d59febc0907d2dadaaddc90f5a236cb1d876fdb7346139aa9d8ee3babc0.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
b0f89d59febc0907d2dadaaddc90f5a236cb1d876fdb7346139aa9d8ee3babc0.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: biggod1234
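The extracted SMTP configuration above is the sample's exfiltration channel: stolen credentials and keystrokes are mailed out through the attacker's mailbox. The following is an added example (not part of the sandbox report): it parses the flattened config block exactly as it appears on the page into a dict, derives the network indicators, and runs them over a few constructed Zeek-style connection log lines to show how an analyst would hunt for the exfiltration tuple. The log lines, the `find_exfil` and `indicators` helpers, and the tab-separated log layout are assumptions made for the example; the redacted username is left as the page shows it.

```python
"""
Added example, not part of the sandbox report: turn the report's extracted
AgentTesla SMTP config into hunt indicators and apply them to connection logs.
"""
import re

# Config text copied as it appears on the report page (flattened by extraction).
# The username is redacted on the page and is deliberately left as-is.
RAW_CONFIG = """agenttesla
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
biggod1234"""


def parse_agenttesla_config(text):
    """Split the flattened 'Key: value - Key: value' layout into a dict.

    The page renders each field as 'Key:' with the value on the following line
    and a ' - ' separator before the next key (one of them without the leading
    space: 'smtp- Host:'), so everything after the family name is joined and
    re-split on the separators.
    """
    lines = text.strip().splitlines()
    family = lines[0].strip()
    body = " ".join(line.strip() for line in lines[1:])
    body = re.sub(r"\s*-\s+(?=[A-Z][a-z]+:)", "\n", body)
    cfg = {"family": family}
    for field in body.split("\n"):
        key, _, value = field.partition(":")
        cfg[key.strip().lower()] = value.strip()
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


def indicators(cfg):
    """Network indicators worth hunting on: the exfil host/port tuple plus the
    account the sample authenticates as (useful for an abuse report to the
    mail provider)."""
    return {
        "c2_host": cfg["host"],
        "c2_port": cfg["port"],
        "protocol": cfg["protocol"],
        "exfil_account": cfg.get("username"),
    }


# Constructed connection-log lines (assumed Zeek conn.log-style layout, tab
# separated: ts, src, dst_host, dst_port, proto, service). Not real telemetry.
SAMPLE_CONN_LOG = """\
1653093600.1\t10.0.0.12\tmail.privateemail.com\t587\ttcp\tsmtp
1653093601.3\t10.0.0.12\tupdate.microsoft.com\t443\ttcp\tssl
1653093602.7\t10.0.0.17\tmail.privateemail.com\t993\ttcp\timap
1653093603.0\t10.0.0.20\tmail.privateemail.com\t587\ttcp\tsmtp
"""


def find_exfil(conn_log, cfg):
    """Return (src, ts) for every connection matching the extracted C2.

    Match on host AND port: the same provider's IMAP/webmail endpoints carry
    ordinary user traffic, so only the exact submission tuple is flagged.
    """
    ind = indicators(cfg)
    hits = []
    for line in conn_log.splitlines():
        ts, src, host, port, _proto, _svc = line.split("\t")
        if host.lower() == ind["c2_host"].lower() and int(port) == ind["c2_port"]:
            hits.append((src, float(ts)))
    return hits


if __name__ == "__main__":
    cfg = parse_agenttesla_config(RAW_CONFIG)
    print(indicators(cfg))
    for src, ts in find_exfil(SAMPLE_CONN_LOG, cfg):
        print(f"possible AgentTesla exfil from {src} at {ts}")
```

The host is a shared mail-provider endpoint that many legitimate accounts also submit through, so a match on the host/port tuple alone is a lead, not a verdict: pivot to the sending process (an unexpected binary speaking SMTP on 587 is the stronger signal) before blocking, and report the mailbox to the provider so the attacker loses the drop.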
Targets
-
-
Target
b0f89d59febc0907d2dadaaddc90f5a236cb1d876fdb7346139aa9d8ee3babc0
-
Size
788KB
-
MD5
9d95ccfbd0be1c57c5caf71563a906c6
-
SHA1
58cce964420c9002a4dc31b025ab042daffc2279
-
SHA256
b0f89d59febc0907d2dadaaddc90f5a236cb1d876fdb7346139aa9d8ee3babc0
-
SHA512
30fc3ecad27a58564171e59922047416e8fd3119412789ceeb8dc36f0089c2c93c0c2a6c88cd684d598b9c58e450596266fb4721d015a745383d993a80d28b6a
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT); samples are commonly written in Visual Basic .NET.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check to avoid running in particular regions.
-
Suspicious use of SetThreadContext
Commonly seen when a loader writes its payload into a suspended process and redirects that process's thread to the new entry point (process hollowing); the on-disk executable is then only a wrapper around the real AgentTesla payload.
-