General
Target: 151bf56f5da3e76306f146ba90333386eb3f14839f3199735eea80749ce035f2
Size: 410KB
Sample: 220521-nfv1tsggem
MD5: 0961cd46d13aa42d14f6f14cb1b419a9
SHA1: f0b1cf2129ace3bc75a92aefa8f2fc30869aa9bd
SHA256: 151bf56f5da3e76306f146ba90333386eb3f14839f3199735eea80749ce035f2
SHA512: ccfd7e129d1f89c7294d2f0fa1f511df571b4de37b0ccb4f1d22ec72fa92a2c95c421601acd309eb8717ad398479f70121b884ae20758712aeea6bdb5c2ee119
Static task: static1
Behavioral task: behavioral1
  Sample: HAWB.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: HAWB.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.amexworldwide.com
  Port: 587
  Username: sujit@amexworldwide.com
  Password: sujit@41#
Extracted
  Protocol: smtp
  Host: mail.amexworldwide.com
  Port: 587
  Username: sujit@amexworldwide.com
  Password: sujit@41#
Targets
Target: HAWB.exe
Size: 452KB
MD5: eaf985c0eb8a9c436119ca8af874be43
SHA1: 182134a428a1d4315fc6beb65a0b7bd26d9da2eb
SHA256: 0bda8bd9d8c9d180eae8ea9ff4243a1db0bce2c3e3cbf69581f122b1ab1997b6
SHA512: dcc0acb6d600853ab7a92b76940ba2241fb28b722abcf30ea89e094db5dce989598abc200761cd61703f357df1f8be43b862937c469639862bc66da758292662
Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext