General
- Target: 0a600564d101a021102f379d342261be5d059653276136f0b94b087f8bcf0cc2
- Size: 526KB
- Sample: 220521-pdfc2aacdq
- MD5: e909241f7702c68fb622d49e7fb5520a
- SHA1: 5ad271d76731b362bee5b9ebe4e71468b84cb750
- SHA256: 0a600564d101a021102f379d342261be5d059653276136f0b94b087f8bcf0cc2
- SHA512: 234bdea8116b085719a03cf4f88fa75eeb711580d5a23c1008bfe03ed65382c4eb4a6e6cfc1be4714d3d01effdc63ef4bdbec8acc080bf9f318f10244ec151ea
Static task
- static1
Behavioral task
- behavioral1
- Sample: Over.exe
- Resource: win7-20220414-en
Behavioral task
- behavioral2
- Sample: Over.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.mexicanproduct.com.mx
- Port: 587
- Username: produccion@mexicanproduct.com.mx
- Password: Produccion2020.
Targets
- Target: Over.exe
- Size: 565KB
- MD5: 93da8515438ce678f4524bb46b730944
- SHA1: 63298cd943c95a626e6b129cb0628011304ef0c7
- SHA256: b064d18c661ab69f54f7a4f1c1ea167553a6a324a859271a17203f2741a22c8e
- SHA512: 694f7cbf1593a42db90e951afbb7e590637f20e127165add34f5e049050abf1fcc0237a9c5b172fc47a2acd2e58814de9bad856880e8e13f49430322c87271cb
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext