General
Target: 988b266f501428b61fc10a827e602b3df790cc16882f156403270ac4fdf50a0a
Size: 519KB
Sample: 220521-pafjmaabbj
MD5: 98798ea9d501a71a852c27ad1bd7e2d4
SHA1: 85b8e8fe843ce2cec1ba12f491e8a263df6a4183
SHA256: 988b266f501428b61fc10a827e602b3df790cc16882f156403270ac4fdf50a0a
SHA512: f5e3941e9cc58a08c8fb4b784f3c60a7ff08ea599e1a779a3acf262df9e34c94b3879e5b20db09b3ceae3d11df3c8b5dba452a7167ba86ffab473fa1fef4dc91
Static task
static1

Behavioral task
behavioral1
Sample: Purchase order Barminco EMRA 0093.exe
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: Purchase order Barminco EMRA 0093.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: banks.logs@yandex.com
Password: Swagger22
Targets
Target: Purchase order Barminco EMRA 0093.exe
Size: 605KB
MD5: dde3cde1c4e0c6c4e62cac319ac2ea9f
SHA1: 14b8b6393f601f3ed84a01a73dee2b31152c4823
SHA256: 7ef79b0251ad78e90b1cd1e95fcdd8566ac3629d6a921a3aca8383edc8893f82
SHA512: 77aece7e99ab840d66fe0c237d47157dd1265344d467a7582be0a8ef416f505015fb1b0b1d1a249913349a329631de6591ba8db09a3f8190cf12f009395da0a5
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext