General
Target
3a463ba2de2c7e49bfc53e15d2a730d2dcf543ac0f3da36134da973c824e49d3
Size
330KB
Sample
220521-nx1mmsece4
MD5
6ead152423f696c4cd4354e7a69e61fe
SHA1
e4055c5714627efdb02ca0e07a862923177a5275
SHA256
3a463ba2de2c7e49bfc53e15d2a730d2dcf543ac0f3da36134da973c824e49d3
SHA512
0befb2c3401f12544e83ac76b42c467bac7cace5393a21d09854803d89f8d836996320e522dec0a8dd233a50c2948c421f279e60c2ed55f3ef86670f2ca782b5
Static task
static1
Behavioral task
behavioral1
Sample
AWB 4673369094.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
AWB 4673369094.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: logs2020@gtbenk-plc.com
Password: mkoify147@@
Targets
Target
AWB 4673369094.exe
Size
385KB
MD5
0cbafabea2a3a145175e87c57281b5cc
SHA1
8f20185cf7abb50f8789239644f381bbdd5add2d
SHA256
6f019b52d40fa6975b85802c83264877db5c47493fd9bf9307f5fba0ef2393aa
SHA512
33323c8730bede47e338055568fc20561f2fc480de88b6f162484b698d685cd74f252ed4d2136200d437fb9e9007665c4bcb9bfbd37d38ef8b5a7b48641f01dd
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext