General

Target: e1f308b79062c7e9aa123e612582e2bc934be19bea80d4d65477999669e7885a (SHA256 of the submitted file)
Size: 379 KB
Sample: 220521-nyzrqshdhl
MD5: 917896740992658d66bc764fee6ea1d6
SHA1: 3a8f06c252ad571570d9f06bc19f4bb4fd929fa3
SHA256: e1f308b79062c7e9aa123e612582e2bc934be19bea80d4d65477999669e7885a
SHA512: 0edb7f680d2d20c20c7edc95362354836f5551ac74eb908e1e553a5d8a4877bb263790df0ec98fd0338f8987cf894f3274ebfbc6895dfe711656fb567f8dd25f
Static task: static1

Behavioral task: behavioral1
  Sample: ACCOUNT STATEMENT (UPDATED).exe
  Resource: win7-20220414-en

Behavioral task: behavioral2
  Sample: ACCOUNT STATEMENT (UPDATED).exe
  Resource: win10v2004-20220414-en
Malware Config

Extracted family: agenttesla
Protocol: smtp
Host: sg2plcpnl0180.prod.sin2.secureserver.net
Port: 587
Username: [email protected] (the address is not recoverable from this page)
Password: Prasad@gis3

The same SMTP configuration was extracted a second time (one extraction per behavioral run), with identical host, port and password. This is the exfiltration channel: AgentTesla mails the harvested data through the attacker-controlled mailbox whose credentials are embedded in the sample, here an account on a secureserver.net (GoDaddy shared hosting) cPanel mail server on the submission port 587. The host, port and password are usable as network and credential indicators; the username is redacted on this page.
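Decoding the exchange behind this config, as an added example that is not part of the sandbox report: the script below builds a constructed plaintext SMTP submission session using the extracted host and password (the sender username is a placeholder, since the report redacts it), recovers the AUTH LOGIN or AUTH PLAIN credentials, envelope addresses and Subject from a "C:"/"S:" transcript, and reports which extracted-config indicators the session reproduces. It applies to sessions visible in the clear (a sandbox capture without STARTTLS, or a decrypting proxy); on the wire to port 587 the AUTH exchange is normally inside TLS.

```python
"""Decode the SMTP AUTH exchange behind the extracted AgentTesla config.

Added example for this report, not sandbox output. Host, port and password
come from the extracted config; the sender username is a placeholder
because the report redacts it, and the session transcript is constructed.
"""
import base64
import re

# Indicators copied from the report's extracted AgentTesla config.
EXTRACTED_CONFIG = {
    "protocol": "smtp",
    "host": "sg2plcpnl0180.prod.sin2.secureserver.net",
    "port": 587,
    "password": "Prasad@gis3",
}


def b64(text: str) -> str:
    return base64.b64encode(text.encode()).decode()


def decode_b64(token: str) -> str:
    return base64.b64decode(token.strip()).decode("utf-8", "replace")


def build_session(user: str, password: str, host: str, method: str = "LOGIN") -> str:
    """Construct a plaintext submission session ("C:" client, "S:" server) of the
    kind a sandbox captures when AgentTesla mails stolen data. Constructed data."""
    if method == "LOGIN":
        auth = ["C: AUTH LOGIN", f"S: 334 {b64('Username:')}", f"C: {b64(user)}",
                f"S: 334 {b64('Password:')}", f"C: {b64(password)}"]
    else:  # RFC 4616 PLAIN: authzid NUL authcid NUL password, sent inline
        auth = [f"C: AUTH PLAIN {b64(chr(0) + user + chr(0) + password)}"]
    lines = [f"S: 220 {host} ESMTP", "C: EHLO DESKTOP-VICTIM",
             f"S: 250-{host} Hello", "S: 250 AUTH LOGIN PLAIN", *auth,
             "S: 235 Authentication succeeded",
             f"C: MAIL FROM:<{user}>", "S: 250 OK", f"C: RCPT TO:<{user}>", "S: 250 OK",
             "C: DATA", "S: 354 End data with <CR><LF>.<CR><LF>",
             "C: Subject: stolen data from DESKTOP-VICTIM", "C: ", "C: .", "S: 250 OK queued"]
    return "\n".join(lines) + "\n"


def address(line: str) -> str:
    m = re.search(r"<([^>]*)>", line)
    return m.group(1) if m else line.split(":", 1)[1].strip()


def parse_smtp_session(text: str) -> dict:
    """Walk a C:/S: transcript and recover server, AUTH method and credentials,
    envelope addresses and Subject. Handles AUTH LOGIN and AUTH PLAIN (inline
    or challenge form)."""
    out = {"server": None, "ehlo": None, "auth_method": None, "username": None,
           "password": None, "mail_from": None, "rcpt_to": [], "subject": None}
    state = None  # None | "login" | "login_user" | "login_pass" | "plain"
    for raw in text.splitlines():
        side, _, line = raw.partition(":")
        side, line = side.strip().upper(), line.strip()
        if side == "S":
            if line.startswith("220 ") and out["server"] is None:
                out["server"] = line.split()[1]
            elif line.startswith("334 ") and state == "login":
                # LOGIN challenges are base64 "Username:" / "Password:"
                state = "login_user" if decode_b64(line[4:]).lower().startswith("user") else "login_pass"
            continue
        if side != "C":
            continue
        upper = line.upper()
        if state == "login_user":
            out["username"], state = decode_b64(line), "login"
        elif state == "login_pass":
            out["password"], state = decode_b64(line), None
        elif state == "plain" or upper.startswith("AUTH PLAIN "):
            token = line if state == "plain" else line.split(maxsplit=2)[2]
            _, out["username"], out["password"] = decode_b64(token).split("\x00")
            out["auth_method"], state = "PLAIN", None
        elif upper == "AUTH PLAIN":
            out["auth_method"], state = "PLAIN", "plain"
        elif upper == "AUTH LOGIN":
            out["auth_method"], state = "LOGIN", "login"
        elif upper.startswith(("EHLO ", "HELO ")):
            out["ehlo"] = line.split(maxsplit=1)[1]
        elif upper.startswith("MAIL FROM:"):
            out["mail_from"] = address(line)
        elif upper.startswith("RCPT TO:"):
            out["rcpt_to"].append(address(line))
        elif upper.startswith("SUBJECT:"):
            out["subject"] = line[8:].strip()
    return out


def match_extracted_config(session: dict, config: dict) -> list:
    """Which extracted-config indicators does a captured session reproduce?"""
    hits = []
    if session["server"] and session["server"].lower() == config["host"].lower():
        hits.append("host")
    if session["password"] is not None and session["password"] == config["password"]:
        hits.append("password")
    return hits


if __name__ == "__main__":
    session = build_session("sender@example.invalid", EXTRACTED_CONFIG["password"],
                            EXTRACTED_CONFIG["host"])
    parsed = parse_smtp_session(session)
    print(parsed)
    print("config indicators matched:", match_extracted_config(parsed, EXTRACTED_CONFIG))
```

The parser keys off the SMTP state machine rather than grepping for base64, so a LOGIN exchange whose server sends the challenges in a different order, or a PLAIN exchange in challenge form, is still decoded. A host match alone is weak evidence (the server is shared hosting); a password match ties the session to this sample's config.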
Targets

Target: ACCOUNT STATEMENT (UPDATED).exe
Size: 432 KB
MD5: 4bc2a0d0b3d7d05195cade791accd839
SHA1: 7950daa9dc3dffe30fe26d80ea5558ebc9651e1b
SHA256: 332c9e753e6cf75531a41d142dfbac6ac6247b15597ea6cfcb19ca408cc96770
SHA512: 70e41c0b6ccbf1b139ddb056df83217dcbac3f212fbd8b0059ea015661070f553f57901c95d11e4c7b695a1f30c7ee91fe3cb232553e1a3d85ca10e8a844a17c
-
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. This sample carries the SMTP exfiltration configuration shown under Malware Config above.

AgentTesla Payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence (the sample can decide whether to run based on the victim's configured locale).

Accesses Microsoft Outlook profiles
Accesses Outlook profile data, a standard credential-harvesting target for this family.

Suspicious use of SetThreadContext
SetThreadContext called on a thread of another process is the step of process hollowing that points a suspended process's main thread at injected code before it is resumed.
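A detection for three of the signatures above (the geofence lookup, the Outlook profile access and the SetThreadContext hollowing sequence), as an added example that is not part of the report. The trace format and every line of SAMPLE_TRACE are constructed. Two assumptions: the geofence signature keys on the registry value GetUserGeoID reads (HKCU\Control Panel\International\Geo\Nation), and hollowing is scored only when CreateProcess with CREATE_SUSPENDED, WriteProcessMemory and SetThreadContext are all seen against the same child, rather than firing on SetThreadContext alone.

```python
"""Match three of the report's behaviours in a sandbox API trace: the registry
geofence lookup, Outlook profile access and SetThreadContext-based hollowing.

Added example for this report, not sandbox output. The trace format and the
lines in SAMPLE_TRACE are constructed. Assumptions: the geofence signature
keys on HKCU\\Control Panel\\International\\Geo\\Nation (what GetUserGeoID
reads), and hollowing is the CREATE_SUSPENDED -> WriteProcessMemory ->
SetThreadContext -> ResumeThread chain against one child process.
"""
import re

CREATE_SUSPENDED = 0x4
GEO_KEY_SUFFIX = r"control panel\international\geo"
OUTLOOK_PROFILES = r"\outlook\profiles"
HOLLOWING_CORE = {"CreateProcess(SUSPENDED)", "WriteProcessMemory", "SetThreadContext"}

# Constructed trace: "<caller pid> <API> key=value ... [-> key=value ...]".
SAMPLE_TRACE = r"""
1234 RegOpenKeyExW key="HKCU\Control Panel\International\Geo" -> handle=0x1c
1234 RegQueryValueExW key="HKCU\Control Panel\International\Geo" value="Nation" -> data="840"
1234 RegOpenKeyExW key="HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook" -> handle=0x20
1234 CreateProcessW path="C:\placeholder\host.exe" flags=0x4 -> pid=1300 tid=1301
1234 NtUnmapViewOfSection pid=1300
1234 VirtualAllocEx pid=1300 size=0x5000 protect=0x40
1234 WriteProcessMemory pid=1300 size=0x4a00
1234 SetThreadContext tid=1301
1234 ResumeThread tid=1301
5678 CreateProcessW path="C:\Windows\System32\notepad.exe" flags=0x0 -> pid=5700 tid=5701
5678 SetThreadContext tid=5701
"""

TOKEN = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line: str) -> dict:
    """Split one trace line into caller pid, API name, arguments and return values."""
    head, _, result = line.partition(" -> ")
    parts = head.split(maxsplit=2)
    args = {k: v.strip('"') for k, v in TOKEN.findall(parts[2] if len(parts) > 2 else "")}
    ret = {k: v.strip('"') for k, v in TOKEN.findall(result)}
    return {"pid": int(parts[0]), "api": parts[1], "args": args, "ret": ret}


def detect(trace: str) -> list:
    """Return (caller pid, finding) tuples for the behaviours seen in the trace."""
    findings = []
    children = {}    # child pid -> {"by": caller pid, "steps": observed hollowing steps}
    tid_to_pid = {}  # child main-thread id -> child pid
    for line in trace.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        api, args, ret = ev["api"], ev["args"], ev["ret"]
        key = args.get("key", "").lower()
        # Geofence: the user's GeoID is the "Nation" value under ...\International\Geo
        if api.startswith("RegQueryValueEx") and key.endswith(GEO_KEY_SUFFIX) \
                and args.get("value", "").lower() == "nation":
            findings.append((ev["pid"], "geofence: queries user GeoID (Control Panel\\International\\Geo\\Nation)"))
        # Outlook profiles live under HKCU\Software\Microsoft\Office\<ver>\Outlook\Profiles
        if api.startswith("Reg") and OUTLOOK_PROFILES in key:
            findings.append((ev["pid"], "accesses Outlook profile registry data"))
        # Hollowing chain, tracked per child created with CREATE_SUSPENDED
        if api.startswith("CreateProcess") and int(args.get("flags", "0"), 16) & CREATE_SUSPENDED:
            child, tid = int(ret["pid"]), int(ret["tid"])
            children[child] = {"by": ev["pid"], "steps": {"CreateProcess(SUSPENDED)"}}
            tid_to_pid[tid] = child
        elif api in ("NtUnmapViewOfSection", "VirtualAllocEx", "WriteProcessMemory"):
            child = int(args.get("pid", 0))
            if child in children:
                children[child]["steps"].add(api)
        elif api in ("SetThreadContext", "ResumeThread"):
            child = tid_to_pid.get(int(args.get("tid", 0)))
            if child in children:
                children[child]["steps"].add(api)
    for child, info in children.items():
        if HOLLOWING_CORE <= info["steps"]:
            findings.append((info["by"], f"process hollowing into pid {child}: "
                             + ", ".join(sorted(info["steps"]))))
    return findings


if __name__ == "__main__":
    for pid, finding in detect(SAMPLE_TRACE):
        print(f"pid {pid}: {finding}")
```

The hollowing rule correlates on the child pid and thread id returned by CreateProcess, so SetThreadContext against a child that was not created suspended (the notepad line in the trace) does not fire; that is what keeps the rule from matching debuggers and other legitimate SetThreadContext callers.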