General
Target: fd0ae9d0b6aed663eecb04ad89702ceb19a46153e472b3e4f85f7b59243b2fd5
Size: 390KB
Sample: 220521-nyagvaecf4
MD5: 702746817a31038eb6428a1203d7c5ff
SHA1: 6bc2c82206bb982b6bfaa4581d50842b9beeb8dc
SHA256: fd0ae9d0b6aed663eecb04ad89702ceb19a46153e472b3e4f85f7b59243b2fd5
SHA512: 67fb36283302dc2701dfc8a33f0ad51699f4163a1d6c9faa43b3a723de079bafb862a254f63b64518c5496ff257eb4c5e7caacb42054844745f72afbe5c98bed
Static task: static1
Behavioral task: behavioral1 (Sample: Pipes-Fittings.exe, Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: Pipes-Fittings.exe, Resource: win10v2004-20220414-en)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.adithyaeng.com
Port: 587
Username: thiyagarajan@adithyaeng.com
Password: thiyagarajan*123
Targets
Target: Pipes-Fittings.exe
Size: 423KB
MD5: bebe882187a04be28a1008a444df79c9
SHA1: 414f32bda4cca27b7844765d07cc8472df3dded2
SHA256: ac9f4f9e2a4dd175cd1e19adc483ee4e83a5cb4460fccc43659563262b040c1f
SHA512: 3bb624b1a70c4359915f78b9bb5bbf11a82c12b1121fcc5d303f927546e67e6aace274453bbb8608f7fabcff62d7474c85d1f4928a61c4d482bf1422936aa930
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext