General
-
Target
9cac91adc3dbc1fdd15e503391b9656ec2d7b9b31e72273b34afb4dad684dc67
-
Size
1.2MB
-
Sample
220521-pad1ssabaq
-
MD5
7668436fa63679f38c2412dad1cec7a5
-
SHA1
32f1eef39895baa9cc7835011475db22063d777d
-
SHA256
9cac91adc3dbc1fdd15e503391b9656ec2d7b9b31e72273b34afb4dad684dc67
-
SHA512
dfa20c7c08e29fb304660e6c74570de5ef8a27ea932a6ef3233b8b101bb9510d26218287a0fc81579f0b372118e9e6f32217b89ca3a9290436cb17bb4fe826b3
Static task
static1
Behavioral task
behavioral1
Sample
IAHYP4OU.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
IAHYP4OU.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.studlandstol.com
Port: 587
Username: duty1@studlandstol.com
Password: dutyfaithlu12345
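The extracted SMTP configuration is the most actionable part of this report: the stealer exfiltrates over a hard-coded mailbox, so the host and especially the account name can be hunted in mail-gateway or egress logs. The following is an added example, not part of the sandbox report or of the Agent Tesla family's own code. It parses the config as the sandbox prints it (one "Key: value - Key: value" line, which extraction may break across lines) and runs the resulting indicators over SMTP session log lines. The log lines and their format are constructed for the example.

```python
"""Added example (not from the sandbox report): turn the report's
extracted Malware Config into indicators and hunt for them in SMTP logs.

CONFIG_TEXT holds the report's own values as the sandbox prints them.
SAMPLE_LOG and its line format are constructed for this example.
"""
import re
from dataclasses import dataclass
from typing import Any, Dict, List

CONFIG_TEXT = """Protocol: smtp- Host:
smtp.studlandstol.com - Port:
587 - Username:
duty1@studlandstol.com - Password:
dutyfaithlu12345"""

# The same config as one key per line; the parser must accept both forms.
CONFIG_TEXT_CLEAN = """Protocol: smtp
Host: smtp.studlandstol.com
Port: 587
Username: duty1@studlandstol.com
Password: dutyfaithlu12345"""

CONFIG_KEYS = ("Protocol", "Host", "Port", "Username", "Password")


def parse_agenttesla_config(text: str) -> Dict[str, Any]:
    """Parse the sandbox config text into a dict, tolerating line breaks
    and stray ' - ' separators (including the 'smtp- Host' glitch)."""
    flat = " ".join(text.split())
    # Split on the key names themselves. With one capture group re.split
    # returns ['', key, value, key, value, ...].
    parts = re.split(r"\s*-?\s*\b(" + "|".join(CONFIG_KEYS) + r"):\s*", flat)
    it = iter(parts[1:])
    cfg: Dict[str, Any] = {k: v.strip(" -") for k, v in zip(it, it)}
    if "Port" in cfg:
        cfg["Port"] = int(cfg["Port"])
    return cfg


# Constructed SMTP gateway / egress-proxy lines. Assumed format:
#   <ts> src=<client ip> dst=<server host or ip>:<port> smtp auth=<login>
SAMPLE_LOG = """\
2022-05-21T09:58:02Z src=10.0.0.15 dst=smtp.office365.com:587 smtp auth=alice@corp.example
2022-05-21T10:02:11Z src=10.0.0.15 dst=smtp.studlandstol.com:587 smtp auth=duty1@studlandstol.com
2022-05-21T10:02:40Z src=10.0.0.15 dst=smtp.studlandstol.com:587 smtp auth=duty1@studlandstol.com
2022-05-21T10:05:00Z src=10.0.0.22 dst=203.0.113.9:587 smtp auth=duty1@studlandstol.com
2022-05-21T10:06:13Z src=10.0.0.30 dst=smtp.gmail.com:587 smtp auth=bob@corp.example
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<host>[^:\s]+):(?P<port>\d+) "
    r"smtp auth=(?P<user>\S+)$"
)


@dataclass
class Hit:
    ts: str
    src: str
    reason: str


def hunt_smtp_exfil(log: str, cfg: Dict[str, Any]) -> List[Hit]:
    """Flag SMTP sessions that authenticate as the hard-coded exfil account
    or that talk to the configured host:port. The account is the stronger
    signal: the operator can point the mailbox at another server, but the
    login baked into the binary does not change until the sample does."""
    hits: List[Hit] = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an SMTP auth record in the assumed format
        reasons = []
        if m["user"].lower() == str(cfg["Username"]).lower():
            reasons.append("agenttesla exfil account " + cfg["Username"])
        if m["host"].lower() == str(cfg["Host"]).lower() and int(m["port"]) == cfg["Port"]:
            reasons.append("agenttesla C2 %s:%d" % (cfg["Host"], cfg["Port"]))
        if reasons:
            hits.append(Hit(m["ts"], m["src"], "; ".join(reasons)))
    return hits


def compromised_hosts(hits: List[Hit]) -> List[str]:
    """Distinct source addresses that produced a hit, i.e. hosts to triage."""
    return sorted({h.src for h in hits})


if __name__ == "__main__":
    cfg = parse_agenttesla_config(CONFIG_TEXT)
    hits = hunt_smtp_exfil(SAMPLE_LOG, cfg)
    for h in hits:
        print(h.ts, h.src, h.reason)
    print("hosts to triage:", compromised_hosts(hits))
```

The fourth constructed line shows why the account is matched independently of the host: the session goes to a bare IP rather than the configured hostname, yet the login still identifies it as this sample's exfiltration. The recovered password is useful only as a signature; authenticating to the operator's mailbox with it is not a defensive step.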
Targets
-
Target
IAHYP4OU.EXE
-
Size
620KB
-
MD5
33b370e37c963a7e3051a98a63429e4f
-
SHA1
92baae7d4da34c18807942cfb6c9f11906450d49
-
SHA256
d00a0836ea91458d1521ee4ebeaab0746a45b10901497a215b0bd0ebdf045e61
-
SHA512
898ae92ed64d30661a3884c8a4550ad7aee4515a2f9d0c3ee3d4404ac627f50ef888a4ba9d8c61df85c176faae014410e92f4f6c72679f69516eecfdc7664774
-
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in Visual Basic .NET. It logs keystrokes and harvests saved credentials from browsers and mail clients such as Outlook, then exfiltrates them over a hard-coded channel; here that channel is the SMTP account in the extracted configuration above.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, most likely as a geofence so the sample can refuse to run in selected locales.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
Commonly seen when a loader injects its payload into a suspended process and redirects the thread to it (process hollowing); the sandbox flags the API use, not the injection itself.
-