General
Target: 162c036ca95919c3e108867142be132569f5b346fe98df4848d9ccf96bc08a76
Size: 377KB
Sample: 220521-pczehsaccn
MD5: d4a17a8ebe3ee85bfeb7f9db6ced5639
SHA1: bd159ba2bd664fd9cf01dd02bbcd0748a9b925fb
SHA256: 162c036ca95919c3e108867142be132569f5b346fe98df4848d9ccf96bc08a76
SHA512: 275fe1bb23dda76574e933e129055a53eb58f722b74e5b9a6ab1308ce4087fd658957334375cb2d1789d2852fd07ffc1be8e9b0ef89e01caeea7060a675186f1
Static task: static1
Behavioral task: behavioral1
  Sample: FACTURA ABRIL.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: FACTURA ABRIL.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.segimar.es
  Port: 587
  Username: segimar@segimar.es
  Password: marSegi15
Targets
Target: FACTURA ABRIL.exe
Size: 411KB
MD5: 355ef144068e962287ace0c6b449ea0f
SHA1: 4672747248d1694f80791972f8d69be8674c5144
SHA256: 900bf6c4cdf55297d7b0a205bf3cc771763bd163cdea9351080fb01714f4fc7d
SHA512: 2b7b6c8575e1d37e0d09e8251c56cfda7a57094c60c1a6629f1d6dc197109168a049d27cfc481f839b515e6facc0fb75aeff5fa42466f26854706f9495424d46

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext