General
Target
f5ea7c625820acdfcbfe4356df9f0f6b7ba1443669c1098de6afab8ac34f1908
Size
518KB
Sample
220521-prcjasbagn
MD5
6b7e6a14749094d24ab8325910b884c7
SHA1
d151fded79e433d483ac834e774563cb313c4b22
SHA256
f5ea7c625820acdfcbfe4356df9f0f6b7ba1443669c1098de6afab8ac34f1908
SHA512
714902eaffb87628973cf89e6e53dcdc6b687bfd16bd8d7b71283be78550067e3f47c936ed15591047f9c784dd6073a8b7852f91c433f2e61527f3cc561cd0fd
Static task
static1
Behavioral task
behavioral1
Sample
未付发票付款USD.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
未付发票付款USD.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
Target
未付发票付款USD.exe
Size
552KB
MD5
df0ca2463ce3c59e3b3af8458f560740
SHA1
149754ffae13985785ea4666b815de73f191bfa8
SHA256
7bb53fbdc6a507aac8dde06e886e87b4ee7539ba45dcfc418b3a918457161ac0
SHA512
61d021c3817f3a638e2d8b8680fab74796472814cec71f80787c6246c10e19225bb78dc52bf0dc479b569d18c8436c0f4cd2442deacaddb4b9a6a038cb9c01d9
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext