General
Target (submitted sample): 44ef5a62b6a9c014ef9e13bb699b162ad599033040f0e59c89abb119da0c10b0
Size: 415KB
Sample: 220521-pl9lvaagdk
MD5: 9395d233d9c3387acdce89239696e962
SHA1: 37383b1b046cddc654d030e39b4c43518f4fb177
SHA256: 44ef5a62b6a9c014ef9e13bb699b162ad599033040f0e59c89abb119da0c10b0
SHA512: e41796a228256ed09d214a58583da1f17524eb14b93b036bd6c46fb422acce55edbbb36c748828f0993fd2f11ca1bc52382e3be59b59885c7cb606be332502e4
Static task: static1
Behavioral task: behavioral1
  Sample: Product_vershold_offersheet__sample_v1.exe
  Resource: win7-20220414-en (Windows 7, English)
Behavioral task: behavioral2
  Sample: Product_vershold_offersheet__sample_v1.exe
  Resource: win10v2004-20220414-en (Windows 10 2004, English)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.almushrefcoop.com
Port: 587
Username: zainab@almushrefcoop.com
Password: zainab123
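The extracted config is the most actionable part of the report: the host, port and account name identify the exfiltration channel on the wire. The following is an added example (not sandbox output and not part of the original report) that turns those three values into a detection over Zeek-style dns.log and smtp.log records in JSON-lines form. Field names follow Zeek's JSON output; the log records, IP addresses and host names in the sample data are constructed for the example, not real captures. The password is copied nowhere and is deliberately not used.

```python
"""Detection built from the AgentTesla SMTP config extracted above.

Added example for this report, not sandbox output. It matches Zeek-style
dns.log and smtp.log records (JSON lines) against the extracted host and
username. All log records below are constructed, not real captures.
"""
from __future__ import annotations

import json
from dataclasses import dataclass

# Copied from the extracted config above; the password is intentionally omitted.
AGENTTESLA_C2 = {
    "protocol": "smtp",
    "host": "mail.almushrefcoop.com",
    "port": 587,
    "username": "zainab@almushrefcoop.com",
}

# Constructed Zeek dns.log records. D3 uses upper case and a trailing dot,
# which a naive string compare would miss.
SAMPLE_DNS_LOG = """\
{"ts":1653128400.2,"uid":"D1","id.orig_h":"10.0.0.5","query":"mail.almushrefcoop.com","answers":["203.0.113.10"]}
{"ts":1653128402.7,"uid":"D2","id.orig_h":"10.0.0.9","query":"mail.example.org","answers":["198.51.100.20"]}
{"ts":1653128420.0,"uid":"D3","id.orig_h":"10.0.0.7","query":"MAIL.ALMUSHREFCOOP.COM.","answers":["203.0.113.10"]}
"""

# Constructed Zeek smtp.log records. S1 mimics the stealer, which authenticates
# as the configured account and mails the report to itself; S2 is ordinary
# mail; S3 is a different sender mailing the collection mailbox.
SAMPLE_SMTP_LOG = """\
{"ts":1653128401.1,"uid":"S1","id.orig_h":"10.0.0.5","id.resp_h":"203.0.113.10","id.resp_p":587,"helo":"DESKTOP-7Q2B","mailfrom":"zainab@almushrefcoop.com","rcptto":["zainab@almushrefcoop.com"]}
{"ts":1653128455.3,"uid":"S2","id.orig_h":"10.0.0.9","id.resp_h":"198.51.100.20","id.resp_p":587,"helo":"mail.example.org","mailfrom":"alice@example.org","rcptto":["bob@example.net"]}
{"ts":1653128499.8,"uid":"S3","id.orig_h":"10.0.0.11","id.resp_h":"203.0.113.10","id.resp_p":25,"helo":"WS-11","mailfrom":"ops@example.org","rcptto":["zainab@almushrefcoop.com"]}
"""


@dataclass(frozen=True)
class Alert:
    uid: str
    orig_h: str
    confidence: str  # "high" or "medium"
    reason: str


def parse_jsonl(text: str) -> list[dict]:
    """Parse Zeek JSON-lines output, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _norm_host(name: str) -> str:
    # DNS names are case-insensitive and may carry a trailing dot.
    return name.rstrip(".").lower()


def match_dns(rec: dict, c2: dict) -> Alert | None:
    """Any resolution of the configured mail host is a strong indicator: the
    name is known only from the malware config, so benign lookups are unlikely."""
    if _norm_host(rec.get("query", "")) == _norm_host(c2["host"]):
        return Alert(rec["uid"], rec["id.orig_h"], "high",
                     f"DNS query for AgentTesla SMTP host {c2['host']}")
    return None


def match_smtp(rec: dict, c2: dict) -> Alert | None:
    """Match on the account, not on port 587 alone (ordinary mail submission)."""
    user = c2["username"].lower()
    mailfrom = rec.get("mailfrom", "").lower()
    rcpts = {r.lower() for r in rec.get("rcptto", [])}
    if mailfrom == user:
        return Alert(rec["uid"], rec["id.orig_h"], "high",
                     f"SMTP MAIL FROM matches extracted username {user}")
    if user in rcpts:
        return Alert(rec["uid"], rec["id.orig_h"], "medium",
                     f"SMTP RCPT TO includes extracted username {user}")
    return None


def detect(c2: dict, dns_jsonl: str, smtp_jsonl: str) -> list[Alert]:
    """Run both matchers and return alerts in log order (DNS first, then SMTP)."""
    alerts: list[Alert] = []
    for rec in parse_jsonl(dns_jsonl):
        if a := match_dns(rec, c2):
            alerts.append(a)
    for rec in parse_jsonl(smtp_jsonl):
        if a := match_smtp(rec, c2):
            alerts.append(a)
    return alerts


def infected_hosts(alerts: list[Alert]) -> set[str]:
    """Source hosts with at least one high-confidence hit, i.e. likely running the payload."""
    return {a.orig_h for a in alerts if a.confidence == "high"}


if __name__ == "__main__":
    found = detect(AGENTTESLA_C2, SAMPLE_DNS_LOG, SAMPLE_SMTP_LOG)
    for a in found:
        print(f"{a.confidence:6} {a.orig_h:10} {a.uid} {a.reason}")
    print("hosts to isolate:", sorted(infected_hosts(found)))
```

On the constructed data this yields two high-confidence DNS hits (10.0.0.5 and 10.0.0.7), one high-confidence SMTP hit (10.0.0.5, sending as the stolen account) and one medium hit (10.0.0.11, which only mailed the collection address). The mailbox in the config belongs to a third-party domain whose account has been abused as a drop box; the correct response is to block the host and notify the mailbox owner or provider, never to authenticate with the recovered password.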
Targets
Target: Product_vershold_offersheet__sample_v1.exe (the executable run in both behavioral tasks; note that its hashes differ from the submitted sample in the General block)
Size: 598KB
MD5: 80abf4b48ea624d88abb12c5057ac894
SHA1: 374f6135d41b33ae95c8ec8ed1e364f819d928da
SHA256: 5fd1a8e20efd63b0f47c74d6d85d280bce0fdf2e9843ffdf3461fc29ad26d9a7
SHA512: 1ed3966c79259e6563f2066086a2506bf539554b59a2bf4674f3e5ec96292c0a664e209c2c03c869b2be0bb328efe893f82cb1271f20d28868b9da5923de9223
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer (compiled from C# or VB.NET); this sample exfiltrates over SMTP using the account in the extracted config.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing (running only in, or refusing to run in, selected countries).
Accesses Microsoft Outlook profiles
Reads the registry locations where Outlook stores account settings, consistent with Agent Tesla's harvesting of saved mail-client credentials.
Suspicious use of SetThreadContext
Calling SetThreadContext on another process's thread is characteristic of process hollowing: a legitimate process is started suspended, the payload is written into it, the thread's entry point is redirected to the payload, and the thread is resumed.