General
Target: b3eacd6704e0dee5d2c6e89bf89eed06877dc3bedefde00d310703a0bbf44656
Size: 763KB
Sample: 220521-pgg12aaebj
MD5: 62be3960da080891d2a3b5ac07a068a4
SHA1: 50c1dc5ac15bb21b0683ba018242542da2dc23a4
SHA256: b3eacd6704e0dee5d2c6e89bf89eed06877dc3bedefde00d310703a0bbf44656
SHA512: e98347247ca1a5faf7c52d712203d1b2e6ccdcbd01ca135015516afd712740648ceccd3cb12e1e2e5228c2aa4518125e211486477c75f7934c7f9e4b3894f9d1
Static task: static1
Behavioral task: behavioral1
  Sample: INV0087687 20 06 2020.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: INV0087687 20 06 2020.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.c2cmarketing.co.in/
Port: 21
Username: info@c2cmarketing.co.in
Password: @prosperity1@
Targets
Target: INV0087687 20 06 2020.exe
Size: 983KB
MD5: 388b2f7aa50b4300514ffa2b49a97544
SHA1: a8e2d80bf3bbb3724beb2f2d4b9fc76d4d1b02d4
SHA256: 824f7339e79e6640490b1c711aeec041ee057770e59fbebcaa7797d10b19d286
SHA512: 39111d6c5e3476597e57e3878dedff9260d62f0b0dec2b10059b0808130068a2dc2d55b9c913516479aee2279dde52e6df8b14c19a5afb5b792d41bf47c13990
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext