General
Target: ce0dea969f425255b8d83bb730aad6fa2348fadc7d56338772793e9ff74f3020
Size: 355KB
Sample: 220521-nzpcdsedb6
MD5: 10be33d08f597288f7cc3f6896fec457
SHA1: c25481934e0be3183899f00608acb1dba8a65be8
SHA256: ce0dea969f425255b8d83bb730aad6fa2348fadc7d56338772793e9ff74f3020
SHA512: 7cec83a3c3ad1cc5659ab5dc7da610aa8ab1e872b1a8b1f020cbbfae6d51c66571cdb18d6921efde8445a3a866e509b0e07772523fb01665e133d95c4c3871b4
Static task: static1

Behavioral task: behavioral1
Sample: Ziegler Hellas SA GROUP 1X40 CNT #PO101166 .exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Ziegler Hellas SA GROUP 1X40 CNT #PO101166 .exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: microft@eusuppliers.info
Password: !4U9j9yMSn=G
Targets
Target: Ziegler Hellas SA GROUP 1X40 CNT #PO101166 .exe
Size: 469KB
MD5: 1d03e0012f36abbd2453692cdd0b1e02
SHA1: 94e926134ae62e79e3c76bf4f11e13bb73bee718
SHA256: 3c6ade352dcf983887305516d4badfef0c2ba06e20f90cf34f09c4cf928196b5
SHA512: bab2e797447bfc23f24f471e6001bd5cb7bc8f8c8d9d255139c6ab3090745e4458672c2c3a5ed9c0c65ec299ef8dfcd180549b5a709dd2d48b044ddfbb6babde
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext