General
Target: faf5f10ca8612cdf38dd462ea5431518dccf2784bfecddccd8d6dc6d5404c97e
Size: 554KB
Sample: 220521-nycxzahder
MD5: 1b1762e7f8da696fdfe114d4143ab2ee
SHA1: ed50cba91cf2b95652d19778adf3a1de688176bb
SHA256: faf5f10ca8612cdf38dd462ea5431518dccf2784bfecddccd8d6dc6d5404c97e
SHA512: ce27642ee4c97037fba3eb73c14d077a07d46f18fcb1b92130a17a1e5d3325833ac4766b32b34b9a4cb9ddca43ccea67064b4d705795d07f214a0c15c4cb7ff2
Static task: static1
Behavioral task: behavioral1
Sample: PhytoAB - Attached #PO 00620.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PhytoAB - Attached #PO 00620.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.braziliancoffeehouse.co
Port: 587
Username: warehouse@braziliancoffeehouse.co
Password: Brazil@123.
Targets
Target: PhytoAB - Attached #PO 00620.exe
Size: 659KB
MD5: b9884781fa61b73e87b491dad108e74d
SHA1: 3437d90ccc896d021edd8de21e955641871f2122
SHA256: 960bdf7b7b3bd263fcd5aa32f4b0ddb567349d46f6d5062a8000981675bffe6f
SHA512: 3a178254b9db848c4ee804ee9edd9cc53ceedbd90cf7e8a355962ad2e935e42a70ab0a7cea04f1b85ff933c7823cb1b54bf9bc6e387153132216ac1df3e10df4
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Suspicious use of SetThreadContext