General
- Target: fb615d2823f07d4fa6a558f7a85c1f09b6705deec594d3e1335d14b3e5193f11
- Size: 503KB
- Sample: 220521-nycbfaecf7
- MD5: 382d52f28ccb53739d8b415fbbd5c1f1
- SHA1: 30c1c0dbc1bf396a608c01c9cf0e7e24db5a8ff6
- SHA256: fb615d2823f07d4fa6a558f7a85c1f09b6705deec594d3e1335d14b3e5193f11
- SHA512: ac38db5f1ed4f3fc21b4b985e26f5034cbc57704455edf1da2d1726822a5755ba727ab4174c8d75373f1e2d36a68a684431c7f5dfe2d58d397c4665f2de46e04
Static task: static1

Behavioral task: behavioral1
- Sample: Invoices No.00004-00005.exe
- Resource: win7-20220414-en

Behavioral task: behavioral2
- Sample: Invoices No.00004-00005.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: server122.web-hosting.com
- Port: 587
- Username: milli@cdperenco.com
- Password: _20_}*sehLA-
Targets
- Target: Invoices No.00004-00005.exe
- Size: 722KB
- MD5: 8da25b951c498b507f732d0fdfd09a15
- SHA1: 87059509d7c01c614dec8a3d3753e2586afdeb72
- SHA256: db8c0d21cf315034515bd28e49435e6cde73954c992c3a5528417019e9b25526
- SHA512: 65ab7ee60ed3d6bb7e3f39af0df0d841a341146505cc3c02933d645adcdc223c399b31867beda65c002d47e1533fedc1e91b480345e91f3b4cfe6603f69b549d

Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext