General
Target: 06e32937444cad24306cd4020ba596618315a1329d0f6cc1aebdc8f9f2ed1dc7
Size: 379KB
Sample: 220521-pcnb9aacbm
MD5: 66123c09c94b8b813b0fa552e16a3fad
SHA1: 961c368a240b252e4c58f86ba7e00c1d2e350783
SHA256: 06e32937444cad24306cd4020ba596618315a1329d0f6cc1aebdc8f9f2ed1dc7
SHA512: 5eb940c64a3ae14111bccde667d075c74bcedf567902a3ef3b2b89213d3704ac583ace30136a00ef6cdff9be5be5d3f34ac2b298d9dab4ad6ad2740da5f4b68a
Static task: static1
Behavioral task: behavioral1
Sample: transfer copy.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: transfer copy.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: safaa.bishara@santemoraegypt.com
Password: chimaroke2020
Targets
Target: transfer copy.exe
Size: 661KB
MD5: 551285c43af035791a7d1dd2b6a5d3b3
SHA1: 8ee21711c73f0f7482364e5decad825d11f56d89
SHA256: bc7796f8bd7d5a36829a8cb64edac24a195ba0887053f90ca0d74899ed9a4d3c
SHA512: 4dbea5084c0b61262622bec592136cb5dff9c7b122447ba1be0f7c773982628add70ceee2c8359ff298b9ed65b41e3869ebb9a30a1031283997dacf1dea6085d
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext