General
-
Target
a7ff5be3211df050ad086986b11dff78c88bbc54e2c08d4f18752cf0e291e1f3
-
Size
385KB
-
Sample
220521-neg3ksgffp
-
MD5
9e01fdcb01584f9fe74fd49ad5de223c
-
SHA1
061dea74a323dfb4c6f1e0698b1516694b198b40
-
SHA256
a7ff5be3211df050ad086986b11dff78c88bbc54e2c08d4f18752cf0e291e1f3
-
SHA512
b027332b16a14657f0d463ff4aada3c754e61e9250281aa31af29a989910160eb91d9cf9a15fb3eecdf3d7e88505dda1b1acd62e86f86173d3b1193c611bbc03
Static task
static1
Behavioral task
behavioral1
Sample
WanvTh7JU7Wk7rS.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
WanvTh7JU7Wk7rS.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.macrosyselectronics.in
Port: 587
Username: [email protected]
Password: @prosperity1@
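The extracted config above is the part of this report a defender acts on: the host and port are the exfiltration server the sample authenticates to, so they belong in a hunt over mail and connection logs. The following is an added example, not part of the sandbox report: it parses the report's flattened "Key: value - Key: value" rendering of the config into a dict, turns it into network indicators, and runs them over a few constructed SMTP connection records. The JSON log schema (ts, src_ip, dst_host, dst_port, proto) and the three sample records are assumptions made for the example; the username field is kept exactly as the page obfuscates it.

```python
"""
Parse the Agent Tesla SMTP config as rendered on this page and hunt for the
exfil server in SMTP connection logs.  Added example; the log format below is
a constructed, hypothetical schema, not a real product's output.
"""
import json
import re

# The five fields the sandbox prints for an Agent Tesla SMTP config.
CONFIG_FIELDS = ("Protocol", "Host", "Port", "Username", "Password")

# Config text as it appears on the page, line-wrapped by the report renderer.
# The username is obfuscated on the page and is left as-is here.
PAGE_CONFIG_TEXT = """Protocol: smtp- Host:
mail.macrosyselectronics.in - Port:
587 - Username:
[email protected] - Password:
@prosperity1@"""

# Constructed sample log: three JSON records in the hypothetical schema.
SAMPLE_LOG = """
{"ts": "2022-05-21T10:02:11Z", "src_ip": "10.0.0.23", "dst_host": "mail.macrosyselectronics.in", "dst_port": 587, "proto": "smtp"}
{"ts": "2022-05-21T10:02:40Z", "src_ip": "10.0.0.23", "dst_host": "smtp.office365.com", "dst_port": 587, "proto": "smtp"}
{"ts": "2022-05-21T10:05:02Z", "src_ip": "10.0.0.41", "dst_host": "MAIL.macrosyselectronics.in.", "dst_port": 25, "proto": "smtp"}
"""


def parse_flattened_config(text: str) -> dict:
    """Parse 'Key: value - Key: value' text into a dict keyed by lower-case field name.

    The renderer wraps lines and glues the '-' separator onto the preceding
    value ('smtp- Host:'), so the lines are re-joined and then split just
    before each known key name, consuming any whitespace/hyphen in front of it.
    """
    joined = " ".join(line.strip() for line in text.splitlines() if line.strip())
    key_alt = "|".join(CONFIG_FIELDS)
    parts = re.split(r"\s*-?\s*(?=(?:%s):)" % key_alt, joined)
    cfg = {}
    for part in parts:
        if not part:
            continue
        key, _, value = part.partition(":")
        cfg[key.strip().lower()] = value.strip()
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


def config_to_iocs(cfg: dict) -> dict:
    """Network indicators worth hunting for: the exfil mail server, port and protocol."""
    return {
        "host": cfg["host"].lower().rstrip("."),
        "port": cfg["port"],
        "protocol": cfg["protocol"].lower(),
    }


def hunt_smtp_log(log_lines, iocs: dict) -> list:
    """Return one alert per record whose destination is the exfil mail server.

    Hostnames are compared case-insensitively with any trailing dot removed.
    A hit on the configured port is 'high'; the same host on another port is
    still reported, as 'medium', since the sample may fall back or be retuned.
    """
    alerts = []
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        dst_host = str(rec.get("dst_host", "")).lower().rstrip(".")
        if dst_host != iocs["host"]:
            continue
        port_match = int(rec.get("dst_port", -1)) == iocs["port"]
        alerts.append({
            "ts": rec["ts"],
            "src_ip": rec["src_ip"],
            "severity": "high" if port_match else "medium",
            "reason": ("%s to Agent Tesla exfil host on configured port %d"
                       % (iocs["protocol"], iocs["port"]))
                      if port_match else
                      "traffic to Agent Tesla exfil host on an unexpected port",
        })
    return alerts


if __name__ == "__main__":
    cfg = parse_flattened_config(PAGE_CONFIG_TEXT)
    iocs = config_to_iocs(cfg)
    for alert in hunt_smtp_log(SAMPLE_LOG.splitlines(), iocs):
        print(json.dumps(alert))
```

Running it reports the 10.0.0.23 connection on 587 as high and the 10.0.0.41 connection on port 25 as medium; the Office 365 record is ignored. The host, port and the SMTP AUTH username are the durable indicators here; the password is only useful for confirming the campaign, not for detection.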
Targets
-
-
Target
WanvTh7JU7Wk7rS.exe
-
Size
588KB
-
MD5
47259fa7286232982da2ffaadfcc8f5a
-
SHA1
d3a25ee4ceed8f8cb56484c7c08649079f35f4c1
-
SHA256
2309aa4694a2bf38f32daaf9d90dad4a50aee5c98bb5fd0e868aa02e44f6f2ed
-
SHA512
c0278c87d94a836cd2dc6d2b3e385f6163d30d3c769e42645a583083e386032a5307c24d989376ccf1d00c2ccf7ee468e96ff60a46aa79bda872e2dcb2229c9a
-
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and credential stealer, written in Visual Basic .NET; this sample sends its collected data by SMTP using the mail server and credentials in the extracted config above.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-