General
-
Target
4414c64ea8d943a2df9a5200f059db1d4e344afdcc561dcc86678ff5ea1c4ea7
-
Size
452KB
-
Sample
220521-pma5nsagdm
-
MD5
3cb474cb96cf4808979870e6519bdf1f
-
SHA1
e468aa021349f5928915ad97ff3fff5701d4dbe4
-
SHA256
4414c64ea8d943a2df9a5200f059db1d4e344afdcc561dcc86678ff5ea1c4ea7
-
SHA512
563a5efc4182f46b2a8353d876552e4452347f12ed4dbb5325aed952ec4ed3de7abe6e08987cad5645a7eb745e6233d4401efd1f2b8931b23c78915dcf55e2a1
Static task
static1
Behavioral task
behavioral1
Sample
ORDER _# 6WHQ492788G.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
ORDER _# 6WHQ492788G.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
ceo@sktech.club - Password:
1234567890Bless#
Extracted
agenttesla
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
ceo@sktech.club - Password:
1234567890Bless#
Targets
-
-
Target
ORDER _# 6WHQ492788G.exe
-
Size
841KB
-
MD5
abc4f95a5cda04a4c1e3c0a1e0a7eb92
-
SHA1
885bc02ac8295c7cb601df9520f63d0c35b11af5
-
SHA256
7204eac3f08e94c2330bb47f7caf2464c9b04863bd4f52b67d4e166171165b90
-
SHA512
1dd983c5b0b183a3526288ccc57837739ff96268117805737796a83c03953129474e1170b31f0e0fe661e483f8e6d86231fee4e1a58cc992de37a28e6f711518
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-