General
- Target: 925033701a31e03124eff2b732e38b42de641ecdb17cb15a1b549b741d89e97e
- Size: 374KB
- Sample: 220521-nrpm7aeaf2
- MD5: 3ef8a35464679489b61af79db0d1d230
- SHA1: 0c413511eb83e0e47ffe60ee5f1e7e43e4e1a64a
- SHA256: 925033701a31e03124eff2b732e38b42de641ecdb17cb15a1b549b741d89e97e
- SHA512: e44d5d8fc6b5870871e591ac5c9c389360afc16834cf1c121bb6d55198d9f4cdd1d91276af2403871581afb52fb104e786b0ac51e7f2b0000601b206c9ca2ae8
Static task: static1
Behavioral task: behavioral1
- Sample: inv.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: inv.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.privateemail.com
- Port: 587
- Username: don@opt0ray.com
- Password: mmm777
Targets
- Target: inv.exe
- Size: 465KB
- MD5: 47816f080ceb4d4f74700e16a1119c63
- SHA1: 26ef52d413be42a5fd038115a783c54af218ea01
- SHA256: 248e331a82ad9163431cb93b8f896addf5a046306f35389270ce457e042dbd94
- SHA512: 6f96254f53fc7ce8450ccc7fcdcd45eb087db06f5a1860498724428f405166c1702160ec771cefa32053004ac1d8ebe2af878194aafdff394e48774f94ab590d
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext