General
Target: e3bf1077e2dfc75592d9f064abc7ada64117a2478b23284e172f6cfa95b12484
Size: 497KB
Sample: 220521-prxt8sbbbl
MD5: c7bd3d843cb7068e992cbefc3226607d
SHA1: a02a4e8ee3bf3a7abf73e0dfa99145b60d1f4f09
SHA256: e3bf1077e2dfc75592d9f064abc7ada64117a2478b23284e172f6cfa95b12484
SHA512: 515b4e085d34a2dd4069b6f93c08d8d8d856fec226ab58f7c4e9efcf73ee2820cba2e30e8126c6212d25b829a1b6f90c10bb6901f8f5ee4633d2817c9dc3a406
Static task: static1
Behavioral task: behavioral1
Sample: Reciept.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Reciept.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.rezuit.pro
Port: 587
Username: [email protected]
Password: grace1234
Targets
Target: Reciept.exe
Size: 531KB
MD5: a1d22134cff1b4aa46c8182a6e53d5ca
SHA1: 9873a836becb1c55473cddc412209bc72cbe43fe
SHA256: 29e48627a7f173fbbb821c3c136e48909acde6a2c488aec8ecaf7c12ba1df9c5
SHA512: 5325dd55fefc9fa95584929fd0e7ed556762dd9b40b3c9f3dface1ef1777c24ec0f9ac3e6ddda5ef569a4910ba29347db7e8f682a59d225342abe8dbbc572706
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext