General
Target: 9aba5440c61738a9c4fd5987c530f7d65d4091ece834f741cdd103ebb50867f7
Size: 417KB
Sample: 220521-ng6tqaghbq
MD5: ceecaed72ead9ebcdb8b0026334bbb6d
SHA1: b6430ed80cb83598c425750f28e059ab1265edbc
SHA256: 9aba5440c61738a9c4fd5987c530f7d65d4091ece834f741cdd103ebb50867f7
SHA512: 084d3221f7434b963a2cab2a2f5982428d291a3e062dcdc2f6e4e723123827a2960284dceb499acd95dda35be9af17b961d92f331b65bd03a20bd979832b9e2c
Static task: static1
Behavioral task: behavioral1
  Sample: Order Inquiry -CZ-130520.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Order Inquiry -CZ-130520.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted (agenttesla)
  Protocol: smtp
  Host: smtp.yandex.com
  Port: 587
  Username: info.ledscreenservice@yandex.ru
  Password: OGOM12345
Extracted
  Protocol: smtp
  Host: smtp.yandex.com
  Port: 587
  Username: info.ledscreenservice@yandex.ru
  Password: OGOM12345
Targets
Target: Order Inquiry -CZ-130520.exe
Size: 468KB
MD5: 96a4f8cd9d91fc3525341d47e260b12b
SHA1: ea9304a0eb3a0ad3828a8321d1af64f87aaf76b0
SHA256: 1529cc99d5896fcefea1802d4633d78f86e3184add5d7e451ea4f437bd451b17
SHA512: 1db43f635d06ea26dc3ca86e0fce2e55cc21ee8aae24cb9d07e0c3ddc26fe1987b6892240659a59f38ba2a1c2ecb3754c17bd2c201544450e12fba9a112ae9b7
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext