General
- Target: a0beefa53ecaee5ad867860a63aafe592dba7cc3d934c1c4c864760191f553f2
- Size: 517KB
- Sample: 220521-paaclsabal
- MD5: 46ba9aabd746c9db44a17452d15c9068
- SHA1: a8695fc308d93efee2c4140c77c7647f81ae7e58
- SHA256: a0beefa53ecaee5ad867860a63aafe592dba7cc3d934c1c4c864760191f553f2
- SHA512: 31c50b262802ed283811d274b72f7429d427dec3fef54f01fbe99a1df4f2e14cd5269886e9af458bdcf6eacccf0ab2c6f902e680934e719985630442943a08a6
Static task: static1
Behavioral task: behavioral1
- Sample: PO 300720-FMB.scr
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: PO 300720-FMB.scr
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.nsmelectronics.com
- Port: 587
- Username: admim@nsmelectronics.com
- Password: Bsuagwu@
Targets
- Target: PO 300720-FMB.scr
- Size: 639KB
- MD5: a51b0e45f72d4a6249912da6538c6e2c
- SHA1: c72bdfdbef4a47f1028d405a3a40513a257e3092
- SHA256: a1e30a2a09896194a7b457401dd3a9b405b53aeea17a21ca6b99b2e8da5e2876
- SHA512: 4b365b0e1cd0adbbc0c5a2ac0069c8576b4286e019f659f4a85530bd149b3b2fab0f955d753ad978c5223c56f76a996abcde78db60f6eb1c2e097fad1266095c
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- suricata: ET MALWARE AgentTesla Exfil Via SMTP
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext