General
-
Target
d9cca883238caccbe3f1a30fed56365a9851c8e38cf792cae939418f3c74bc69
-
Size
1.3MB
-
Sample
220521-ntal2shbgn
-
MD5
f04f3fe51fb6f436acbf6d434d3f03c8
-
SHA1
7ddae080af85de15ccbed8bd546fbf596ef8eb46
-
SHA256
d9cca883238caccbe3f1a30fed56365a9851c8e38cf792cae939418f3c74bc69
-
SHA512
f1e50dfac200d9f8684ee6a353de89c917d895ba62694107c17dd6acf4c64188c496465c9ba21b8527e635ee8392b0f1a8837abbda2a760f32fb1b43a4d7f965
Static task
static1
Behavioral task
behavioral1
Sample
SQGGJAG4.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
SQGGJAG4.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password:
Conversation2
Targets
-
Target
SQGGJAG4.EXE
-
Size
781KB
-
MD5
b5a3064a8433aa784a483bd09efd54ea
-
SHA1
4ded48a3ade472a3bc8e473940c4f0e3a8a559ea
-
SHA256
060d15c90abff2e42e9d74ab76641714eb052e3dde154082ed937ad146f7bc85
-
SHA512
f9deb0d686238196674b92b8ffbf0928b752e6c9b6c92416c4eca99c6b566c36e6be8ae05c581962e92d86a4faf6f500ba243b2b82d8f76e594fd406171a6e06
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-