General
- Target: 257f8e1fa9214a7a17eb12572d6f0312f64d45cac76c870fb6f2fbee003fb5ad
- Size: 408KB
- Sample: 220521-nhrq7adgb8
- MD5: 07741899596045cb465d1702a47190e6
- SHA1: 0424072ae814719fb1c9f83f0846fabef7f5754d
- SHA256: 257f8e1fa9214a7a17eb12572d6f0312f64d45cac76c870fb6f2fbee003fb5ad
- SHA512: 0d2759bb416c93e850685d28fb15ff052576083a43cbd3dde22ccafe9be8d01d889443a8df6bbe3d1fa2f078cabe5b093c028da2f4e5a2b3841ed186985bc1b1
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Catalogue-Disinfectant 1.scr
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: Catalogue-Disinfectant 1.scr
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- agenttesla
  - Protocol: smtp
  - Host: smtp.yandex.com
  - Port: 587
  - Username: smt.treat@yandex.com
  - Password: 333link00win0303
Targets
- Target: Catalogue-Disinfectant 1.scr
- Size: 553KB
- MD5: 0d9af17e7af59794c369d1c480a4dc1d
- SHA1: 3d74c23fecabe7389aedd61b07f0ab23cf11ecdd
- SHA256: ab4da6a6eb17001b2427284b5007cd62a6cf724ba1546a13420a40fb4ecde06d
- SHA512: a55bec9c2e0e5ea0e64b8366c012db07a53b15facbb857786548ca9ef2631a6279d76f537c834df7ce0b7da3d87db6b65e936f112e767b9eaa12243a0cea9cc2
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext