General
-
Target
cf1c8482459d7f758e9fd63d528aaff660dad300223f386aff7a132a476eb98e
-
Size
303KB
-
Sample
220521-nzl72ahecr
-
MD5
975c01e5c73283f3299b85818efdd878
-
SHA1
a579aa140127ca900f229df4a884ba4365cf15c9
-
SHA256
cf1c8482459d7f758e9fd63d528aaff660dad300223f386aff7a132a476eb98e
-
SHA512
374a85b82cb335263f6f8b23dbaa57c13a28f89bf9c1f052ff858c8976a08fab750548becbf8f101ed2ef895247200a6d5541122138b26c5f5bbb27c78f95bbe
Static task
static1
Behavioral task
behavioral1
Sample
REV- PI 1696195.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
REV- PI 1696195.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol
smtp
Host
smtp.usamilitarydept.com
Port
587
Username
leaveboard@usamilitarydept.com
Password
qqkgpIN2
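The extracted configuration is the most actionable part of this report: the sample exfiltrates over SMTP to a fixed host, port and account, so those three values are the indicators to hunt for in egress logs. The following is an added example, not code from the report or from the sandbox; it rebuilds the config record from the flattened "Key: value - Key: value" text exactly as the page wraps it, then matches it against a constructed, hypothetical key=value firewall log. The log format and the `smtp_auth_user` field are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed input: the config block as the report page flattens it,
# with each value wrapped onto the line after its key.
RAW_CONFIG = """\
agenttesla
Protocol: smtp- Host:
smtp.usamilitarydept.com - Port:
587 - Username:
leaveboard@usamilitarydept.com - Password:
qqkgpIN2
"""

# Constructed sample egress log in a hypothetical key=value format.
# The first and last lines are benign noise; the middle two are the exfil.
SAMPLE_LOG = """\
2022-05-21T14:02:58Z src=10.0.0.23 dst=52.96.100.10 dport=443 proto=tcp sni=outlook.office365.com
2022-05-21T14:03:11Z src=10.0.0.23 dst=smtp.usamilitarydept.com dport=587 proto=tcp
2022-05-21T14:03:12Z src=10.0.0.23 dst=smtp.usamilitarydept.com dport=587 proto=tcp smtp_auth_user=leaveboard@usamilitarydept.com
2022-05-21T14:05:40Z src=10.0.0.41 dst=smtp.gmail.com dport=587 proto=tcp
"""


@dataclass
class ExfilConfig:
    family: str
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(raw: str) -> ExfilConfig:
    """Rebuild the 'Key: value - Key: value' record from the wrapped page text."""
    lines = raw.strip().splitlines()
    family = lines[0].strip().lower()
    body = " ".join(line.strip() for line in lines[1:])
    fields: Dict[str, str] = {}
    # Fields are joined by " - "; on the page the first separator lost its
    # leading space ("smtp- Host:"), so allow zero or more spaces before the dash
    # and only split where a "Key:" follows.
    for chunk in re.split(r"\s*-\s+(?=[A-Za-z]+:)", body):
        key, sep, value = chunk.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return ExfilConfig(
        family=family,
        protocol=fields["protocol"],
        host=fields["host"],
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


def parse_kv_line(line: str) -> Dict[str, str]:
    """Split one 'ts k=v k=v' log line into a dict (timestamp kept under 'ts')."""
    ts, _, rest = line.partition(" ")
    fields = {"ts": ts}
    for token in rest.split():
        k, sep, v = token.partition("=")
        if sep:
            fields[k] = v
    return fields


def match_exfil(cfg: ExfilConfig, log: str) -> List[str]:
    """Return log lines that reach the exfil host:port or authenticate as its account.

    host+port is the primary match; the SMTP AUTH username alone is also flagged,
    since the operator controls that mailbox and may reuse it through other relays.
    """
    hits: List[str] = []
    for line in log.strip().splitlines():
        ev = parse_kv_line(line)
        host_port = (ev.get("dst", "").lower() == cfg.host.lower()
                     and ev.get("dport") == str(cfg.port))
        account = ev.get("smtp_auth_user", "").lower() == cfg.username.lower()
        if host_port or account:
            hits.append(line)
    return hits


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(f"{cfg.family}: {cfg.protocol}://{cfg.username}@{cfg.host}:{cfg.port}")
    for hit in match_exfil(cfg, SAMPLE_LOG):
        print("HIT", hit)
```

Matching on `dst`/`dport` rather than on a resolved IP is deliberate: a stealer's SMTP relay can be re-pointed by DNS without the sample changing, so the hostname and the credential are the stable indicators.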
Targets
-
Target
REV- PI 1696195.exe
-
Size
314KB
-
MD5
9c07ba9ceaf6aed08e629b371a12bab0
-
SHA1
41caa9c09ad1a264cfc153155366ec3e79bf7f49
-
SHA256
7ec1cc4defdaf07771550b26856d416039f766284822bf91aa2c692df7b7204b
-
SHA512
edb2e5b28a2c3fd8aa5e1857e1c6f7b5036a185b1648bbe8d4833041d53b63de5312849d8855ed10f2447a9a550fcf9536076169ce181ad23e30d92971a7cb47
-
AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT), originally written in Visual Basic .NET; it harvests saved credentials and keystrokes and exfiltrates them over SMTP, FTP or HTTP.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence that stops execution in excluded regions.
-
Accesses Microsoft Outlook profiles
Consistent with the family's credential theft from mail clients; the profile data is what is then sent out over the SMTP channel above.
-
Suspicious use of SetThreadContext
Overwriting another thread's context is the step in process hollowing where a loader points a suspended child's entry point at injected code; outside debuggers there are few benign callers, hence the "suspicious" rating.
-
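The SetThreadContext signature is a heuristic over an API sequence rather than a single call: create a child suspended, write a payload into it, replace the main thread's context, resume. The following is an added example, not part of the report or the sandbox, showing that logic run over a constructed, hypothetical API trace (format: `caller_pid api key=value ...`); the process path and the pids are invented for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit

# Constructed API trace in a hypothetical format. The first child shows the
# hollowing sequence; the second child is a normal (non-suspended) spawn.
SAMPLE_TRACE = r"""
1840 CreateProcessW path=C:\hollow_host.exe flags=0x4 child_pid=2212 child_tid=2216
1840 NtUnmapViewOfSection pid=2212
1840 VirtualAllocEx pid=2212 size=0x3a000 protect=0x40
1840 WriteProcessMemory pid=2212 size=0x3a000
1840 SetThreadContext tid=2216
1840 ResumeThread tid=2216
1840 CreateProcessW path=C:\Windows\System32\cmd.exe flags=0x0 child_pid=2300 child_tid=2304
1840 ResumeThread tid=2304
"""


@dataclass
class ChildProc:
    pid: int
    tid: int
    path: str
    suspended: bool
    wrote_memory: bool = False
    set_context: bool = False
    resumed: bool = False


def parse_line(line: str) -> Tuple[int, str, Dict[str, str]]:
    """Split 'caller_pid api k=v k=v' into (caller, api, args)."""
    caller, api, *args = line.split()
    kv = dict(a.split("=", 1) for a in args)
    return int(caller), api, kv


def find_hollowing(trace: str) -> List[ChildProc]:
    """Return children that were created suspended, written to, had their
    thread context replaced, and were then resumed: the hollowing pattern."""
    children: Dict[int, ChildProc] = {}
    tid_to_pid: Dict[int, int] = {}
    findings: List[ChildProc] = []
    for line in trace.strip().splitlines():
        _caller, api, kv = parse_line(line)
        if api == "CreateProcessW":
            pid, tid = int(kv["child_pid"]), int(kv["child_tid"])
            flags = int(kv.get("flags", "0x0"), 16)
            children[pid] = ChildProc(pid, tid, kv["path"], bool(flags & CREATE_SUSPENDED))
            tid_to_pid[tid] = pid
        elif api == "WriteProcessMemory" and int(kv["pid"]) in children:
            children[int(kv["pid"])].wrote_memory = True
        elif api == "SetThreadContext" and int(kv["tid"]) in tid_to_pid:
            children[tid_to_pid[int(kv["tid"])]].set_context = True
        elif api == "ResumeThread" and int(kv["tid"]) in tid_to_pid:
            child = children[tid_to_pid[int(kv["tid"])]]
            child.resumed = True
            # Only the full sequence is reported; SetThreadContext alone is
            # also what a debugger does, which is why the signature is a heuristic.
            if child.suspended and child.wrote_memory and child.set_context:
                findings.append(child)
    return findings


if __name__ == "__main__":
    for c in find_hollowing(SAMPLE_TRACE):
        print(f"process hollowing: pid {c.pid} ({c.path}) suspended -> written -> "
              f"context set -> resumed")
```

Requiring the resume step keeps a debugger attach from firing the rule, and keying on the suspended-creation flag separates a hollowed child from ordinary injection into an already-running process; a real detector would additionally check that the written region covers the image base the context now points at.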