General
Target: 5a9acdbae070b860cafbd5b2eea81976f0f7babd6107e76ecac6503e74a09ab0
Size: 506KB
Sample: 220521-pbphxsabfr
MD5: 9a9a9879fcdce23edaefbc75a446cda7
SHA1: 9bc2f7779110f59d254106b59703a5a3c611727c
SHA256: 5a9acdbae070b860cafbd5b2eea81976f0f7babd6107e76ecac6503e74a09ab0
SHA512: 2a23e69628d0ba701a92a1614a67def48ba6f5861e6bb1ab34cfcfe3d3a4117a43e233d2ab97a0b2b0c46734b51a94e4eff1efd4a083ce891228d9a63d446f35
Static task: static1
Behavioral task: behavioral1 - Sample: 154469-70.exe - Resource: win7-20220414-en
Behavioral task: behavioral2 - Sample: 154469-70.exe - Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.grupo-pc.com
Port: 587
Username: karinaacosta@grupo-pc.com
Password: karaco2017pc
Targets
Target: 154469-70.exe
Size: 541KB
MD5: 6ca0fbaf6b9293c1786b8a34d73aaa2c
SHA1: 5fe01ef031604fe164606b8fa4790530494efae0
SHA256: ce62db6659d55100dccca756c2782c49aff09f36c9b08439ff357df77a2020a5
SHA512: 8fbc61f53afd964ffb950888f3f9388b9e375092a9a10426e7abbc5f8364f142f7cdd3aa77da448b385903c77d6400b97594068646c4d30f81d0496e579036e9
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext