General
- Target: a6d985c984742eaef4baa9647cb3de87a5de7e2f3a33e63d255a29d1bedf2b46
- Size: 424KB
- Sample: 220521-nrh6eaeae5
- MD5: 3a63a5e9ef5caa805c9bcfef5213618e
- SHA1: af2571ba0e6b9afabae02c44690ed9c7447e18eb
- SHA256: a6d985c984742eaef4baa9647cb3de87a5de7e2f3a33e63d255a29d1bedf2b46
- SHA512: d6ff9015b9cfa0441c746b7b1155b6dd68d4442802215f2a315f32ae5de997bd563b0c312262289267098340f094b660a1d44f7dff13bcc31905da3e0b7d255a
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: POLwtksTxCFgqh7.exe
  - Resource: win7-20220414-en
- Behavioral task: behavioral2
  - Sample: POLwtksTxCFgqh7.exe
  - Resource: win10v2004-20220414-en
Malware Config
- Extracted (agenttesla), behavioral1:
  - Protocol: smtp
  - Host: mail.islandkingpools.com
  - Port: 587
  - Username: accounts@islandkingpools.com
  - Password: Accounts$678
- Extracted (agenttesla), behavioral2:
  - Protocol: smtp
  - Host: mail.islandkingpools.com
  - Port: 587
  - Username: accounts@islandkingpools.com
  - Password: Accounts$678
Targets
- Target: POLwtksTxCFgqh7.exe
- Size: 469KB
- MD5: 5d272c686eeb536b59cc1e899e47c07b
- SHA1: a40f0308d6566b917ac5a612d6f9eca57f63eca6
- SHA256: a563a898ce1c8dcac374ef8a468e39a185ca3b010f1a41b60731a7beac23f846
- SHA512: d25dd0d00316b7dc68caf58b1eae4478edea1d1ff6b65cc797b6b11029a0e8f3d72b770fcf43d8f717631832d20b76069924c361c7fc13c25f2329920f705ad3

Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext