General
Target: 15de6de0f9f7d0ee3aedc254ca6eb26fee8f6a806bfb90590009c152ebc4f4ca
Size: 523KB
Sample: 220521-pc1mksaccp
MD5: 204e9c40ba2b770ad7e653e0cd17ae97
SHA1: a38c7578d9616c2f5e16058e555ce4f91060003e
SHA256: 15de6de0f9f7d0ee3aedc254ca6eb26fee8f6a806bfb90590009c152ebc4f4ca
SHA512: 58abd3602e49ddcf23cc38aeb7df139514a9585b67514c5b63cb3774edfcd1297100697cd86080fcba097c2da123d59bc30287a5cbc7419540befaa4d94dcc0a
Static task: static1
Behavioral task: behavioral1
Sample: NEW PO #82001G Codice cliente 01734981 #ID8399905.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: NEW PO #82001G Codice cliente 01734981 #ID8399905.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: denis@cerasantrading.store
Password: bP7WXQMxhY
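The extracted SMTP settings are the exfiltration channel, so the useful output for a defender is the destination to block or alert on and the mailbox to report to the provider. The following is an added example, not tooling from the sandbox vendor: it normalizes the config text as the report prints it (separators and line breaks are the report's flattening) into a dict and derives those indicators. The port-to-channel mapping is general SMTP knowledge and not something the report states.

```python
"""Normalize the AgentTesla SMTP config from this report into actionable indicators.

Added example, not tooling from the sandbox vendor. RAW_CONFIG is copied from the
report's extraction output; SMTP_PORTS is general SMTP knowledge, not a report fact.
"""
import re

# Copied from the report; the "- " separators and line breaks are its flattening.
RAW_CONFIG = """Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
denis@cerasantrading.store - Password:
bP7WXQMxhY"""

# "Key: value" pairs, optionally separated by " - ", possibly spanning lines.
FIELD_RE = re.compile(r"(\w+):\s*(.*?)\s*-?\s*(?=\w+:|$)")

# Standard SMTP ports. 587 is the submission port, on which clients usually
# negotiate STARTTLS, so the exfiltrated data is encrypted on the wire.
SMTP_PORTS = {
    25: "smtp (cleartext relay)",
    465: "smtps (implicit TLS)",
    587: "submission (STARTTLS typical)",
}


def parse_config(raw):
    """Collapse the flattened key/value text into a dict with a numeric port."""
    flat = " ".join(raw.split())
    fields = {key.lower(): value for key, value in FIELD_RE.findall(flat)}
    missing = {"protocol", "host", "port", "username", "password"} - fields.keys()
    if missing:
        raise ValueError(f"config missing fields: {sorted(missing)}")
    fields["port"] = int(fields["port"])
    return fields


def exfil_indicators(cfg):
    """What to block, alert on and report. The mailbox password is deliberately
    left out: it belongs in the abuse report to the provider, not in an IOC feed."""
    user = cfg["username"]
    return {
        "destination": f"{cfg['protocol']}://{cfg['host']}:{cfg['port']}",
        "channel": SMTP_PORTS.get(cfg["port"], "non-standard port"),
        "mailbox": user,
        "mail_domain": user.rsplit("@", 1)[-1],
    }


if __name__ == "__main__":
    for key, value in exfil_indicators(parse_config(RAW_CONFIG)).items():
        print(f"{key}: {value}")
```

Because the channel is port 587 with STARTTLS typical, content matching on the wire will not see the stolen credentials; a practical detection is outbound TCP/587 to mail.privateemail.com from hosts that are not mail clients of that provider, plus the mailbox itself as an abuse-report indicator.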
Targets
Target: NEW PO #82001G Codice cliente 01734981 #ID8399905.exe
Size: 742KB
MD5: 8f46d47630806c7944cc8a2373ccd9de
SHA1: 6385b26eff6fd475a95cd119b415f416ade8dedf
SHA256: dcab070fdf70c605bc000cc75848e8a70892b921a72079dfa7f1783ccf179f5c
SHA512: eb1366f75e4baa5765fae28f6313c883eaa495e2d62bb1bed16a559489642b72e9d826a0eca069154a5b91cbb23a423677b395d7ff02ad884b6dab3c5e4c71f6
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT). It harvests credentials from browsers, mail and FTP clients and sends them to an attacker-controlled channel, in this sample the SMTP mailbox in the extracted config.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check used to decide whether to run on this host.
Accesses Microsoft Outlook profiles
Reads stored Outlook account settings, consistent with mail credential harvesting.
Suspicious use of SetThreadContext
SetThreadContext on another process's thread is the usual marker of process hollowing or injection: the payload is written into a suspended process and the thread's entry point is redirected before it is resumed, so the malicious code runs under a legitimate image name. On its own the call is not conclusive; debuggers and some runtimes use it legitimately.
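The two behavioral signatures above, the registry country-code lookup and the SetThreadContext call, are the kind of thing a detection engineer re-implements over an API-call trace rather than trusting a single API name. The following is an added example, not the sandbox's own signature logic: it parses a constructed trace and flags both behaviors, requiring the full hollowing sequence rather than SetThreadContext alone. The trace format, the sample lines, the target path and the registry path HKCU\Control Panel\International\Geo\Nation (the Windows GeoID setting) are assumptions made for the example.

```python
r"""Match the registry country-code lookup and SetThreadContext-based process
hollowing flagged in this report against an API-call trace.

Added example, not the sandbox's own signature logic. The trace format
("<pid>\t<api>\t<args>", one call per line), the sample lines, the target path and
the registry path HKCU\Control Panel\International\Geo\Nation are assumptions.
"""
import re
from collections import defaultdict

# Constructed trace in the assumed "<pid>\t<api>\t<args>" format. The child is
# spawned with CREATE_SUSPENDED (0x4), written to, retargeted via SetThreadContext
# and resumed: the hollowing sequence the SetThreadContext signature hints at.
SAMPLE_TRACE = """\
1234\tRegOpenKeyExW\tHKCU\\Control Panel\\International\\Geo
1234\tRegQueryValueExW\tHKCU\\Control Panel\\International\\Geo\\Nation
1234\tCreateProcessW\tC:\\constructed\\target.exe flags=0x4
1234\tNtUnmapViewOfSection\tpid=5678
1234\tWriteProcessMemory\tpid=5678 base=0x400000 size=0x1a000
1234\tSetThreadContext\ttid=5679
1234\tResumeThread\ttid=5679
"""

CREATE_SUSPENDED = 0x4
GEO_KEY_RE = re.compile(r"Control Panel\\International\\Geo", re.IGNORECASE)
# API-name prefixes that must appear in this order, per pid, for a hollowing hit.
HOLLOW_SEQUENCE = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")


def parse_trace(text):
    """Split the trace into {"pid", "api", "args"} records, skipping blank lines."""
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, args = line.split("\t", 2)
        calls.append({"pid": int(pid), "api": api, "args": args})
    return calls


def detect_geofence_lookup(calls):
    """Registry reads of the configured country (GeoID/Nation): the 'location
    settings' check stealers use to skip victims in excluded countries."""
    return [c for c in calls
            if c["api"].startswith("RegQueryValueEx") and GEO_KEY_RE.search(c["args"])]


def _created_suspended(call):
    m = re.search(r"flags=0x([0-9a-fA-F]+)", call["args"])
    return bool(m) and bool(int(m.group(1), 16) & CREATE_SUSPENDED)


def detect_process_hollowing(calls):
    """Return pids that issue CreateProcess(CREATE_SUSPENDED) followed, in order, by
    WriteProcessMemory, SetThreadContext and ResumeThread. A lone SetThreadContext
    is not enough; debuggers and some runtimes use it legitimately."""
    by_pid = defaultdict(list)
    for c in calls:
        by_pid[c["pid"]].append(c)
    hits = []
    for pid, seq in by_pid.items():
        idx = 0
        for c in seq:
            want = HOLLOW_SEQUENCE[idx]
            if not c["api"].startswith(want):
                continue
            if want == "CreateProcess" and not _created_suspended(c):
                continue
            idx += 1
            if idx == len(HOLLOW_SEQUENCE):
                hits.append(pid)
                break
    return hits


def triage(text):
    """Summarize both checks for one trace."""
    calls = parse_trace(text)
    return {
        "geofence_lookup": bool(detect_geofence_lookup(calls)),
        "hollowing_pids": detect_process_hollowing(calls),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_TRACE))
```

The sequence check deliberately does not require NtUnmapViewOfSection, since some injectors write over the original image without unmapping it; the CREATE_SUSPENDED flag on the parent call is what separates hollowing from ordinary process creation.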