General
Target: abbd36fb5f072b6712e855c44da6bff594927b8714e4fa39bf8839613d549f5e
Size: 399KB
Sample: 220521-ptr2rsgab8
MD5: f7174c4956d90610504c3b2d15dd5ba2
SHA1: a3645379eeb56adb55db2f7efb9d412ca97718b4
SHA256: abbd36fb5f072b6712e855c44da6bff594927b8714e4fa39bf8839613d549f5e
SHA512: 54493377f076608590c377f89cd199317c09592416b8b18a8e6e561b55f0f8a3c13f4c1b61f66d53b3bce30a091278c4a1f13b9581a68acdb9aab20d7683d722

Static task: static1

Behavioral task: behavioral1
Sample: LOI BARMINCO EGYPT 25,000 MT.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: LOI BARMINCO EGYPT 25,000 MT.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: banks.logs@yandex.com
Password: Swagger22
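The extracted configuration gives the exfiltration channel directly: authenticated SMTP submission to smtp.yandex.com on port 587. The Python below is an added example, not part of the sandbox report, that turns that configuration into a network detection over Sysmon Event ID 3-style connection records. Only the host and port come from the report; the event records, process paths, timestamps and the mail-client allowlist are constructed for the example.

```python
"""Flag SMTP-submission connections matching the exfiltration channel in the
extracted Agent Tesla configuration.

Added example; not part of the sandbox report. Only EXFIL_HOST and EXFIL_PORT
come from the report. The event records, process paths and the allowlist are
constructed for the example.
"""
import re
from dataclasses import dataclass

# Taken from the report's extracted config.
EXFIL_HOST = "smtp.yandex.com"
EXFIL_PORT = 587

# Processes allowed to speak SMTP submission (assumption; tune per estate).
MAIL_CLIENT_ALLOWLIST = {"outlook.exe", "thunderbird.exe"}

# Constructed Sysmon Event ID 3 (network connection) records flattened to
# key=value text. Field names follow Sysmon's schema; everything else is made up.
SAMPLE_EVENTS = r"""
UtcTime=2022-05-21 10:01:12 Image=C:\Users\victim\AppData\Roaming\LOI BARMINCO EGYPT 25,000 MT.exe DestinationHostname=smtp.yandex.com DestinationPort=587 Protocol=tcp
UtcTime=2022-05-21 10:01:40 Image=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE DestinationHostname=smtp.office365.com DestinationPort=587 Protocol=tcp
UtcTime=2022-05-21 10:02:03 Image=C:\Windows\System32\svchost.exe DestinationHostname=ctldl.windowsupdate.com DestinationPort=80 Protocol=tcp
UtcTime=2022-05-21 10:02:51 Image=C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe DestinationHostname=smtp.yandex.com DestinationPort=587 Protocol=tcp
UtcTime=2022-05-21 10:03:10 Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe DestinationHostname=smtp.gmail.com DestinationPort=587 Protocol=tcp
"""

# Values may contain spaces (the sample's file name does), so a naive split()
# breaks. A value ends only where the next "key=" token begins.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_event(line: str) -> dict:
    """Parse one flattened key=value record into a dict."""
    return dict(FIELD_RE.findall(line))


@dataclass(frozen=True)
class Alert:
    time: str
    image: str
    reason: str


def detect_smtp_exfil(events: str) -> list:
    """Return alerts for connections to the extracted exfil host, and for SMTP
    submission (587) from any process outside the mail-client allowlist."""
    alerts = []
    for line in events.strip().splitlines():
        ev = parse_event(line)
        if not ev:
            continue
        host = ev.get("DestinationHostname", "").lower()
        port = int(ev.get("DestinationPort", "0"))
        image = ev.get("Image", "")
        exe = image.rsplit("\\", 1)[-1].lower()
        if host == EXFIL_HOST and port == EXFIL_PORT:
            alerts.append(Alert(ev["UtcTime"], image,
                                "connection to extracted exfil host"))
        elif port == EXFIL_PORT and exe not in MAIL_CLIENT_ALLOWLIST:
            alerts.append(Alert(ev["UtcTime"], image,
                                "SMTP submission from non-mail-client process"))
    return alerts


if __name__ == "__main__":
    for a in detect_smtp_exfil(SAMPLE_EVENTS):
        print(f"{a.time}  {a.reason}: {a.image}")
```

Submission traffic on 587 is STARTTLS, so the credentials in the extracted config are not visible on the wire; the detection keys on destination, port and originating process instead. The second rule is the durable one: the attacker can rotate the mailbox, but a non-mail process opening SMTP submission stays anomalous.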
Targets
Target: LOI BARMINCO EGYPT 25,000 MT.exe
Size: 445KB
MD5: 017975c851957b2e3385649408b3a9ab
SHA1: 22d93b0bbd01d3ec16ba9cb8fac279c0d6c1ebb9
SHA256: 34fd2f974f36114022714c00ba809d638a1aab3bc57bcd83e8463c7d68865860
SHA512: 84e0faf9815b7be4bafee1465206cd1e952b9e001c5c8c857857c2deb92a0a93c8d741577a067713268a8b41c041ed81221dd7e79399431063d2630a07d208e4

Note that the submitted sample in the General section (399KB, SHA256 abbd36fb...) and the analysed executable here (445KB, SHA256 34fd2f97...) are different files; both hash sets belong in the indicator list.
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (the sandbox's own summary describes it as written in Visual Basic). It harvests credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP or HTTP; the configuration extracted from this sample uses the SMTP channel.

AgentTesla Payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles: Outlook profile data is a standard credential-harvesting source for this family.
Suspicious use of SetThreadContext: commonly part of a process-hollowing sequence that runs the final payload inside another process; on its own the API is also used legitimately by debuggers.
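The three behavioural signatures above correspond to API sequences an analyst can check in a sandbox trace. The Python below is an added example, not the report's or the sandbox's own signature logic, that scores a constructed trace for them. The trace format, the registry paths and the process-hollowing chain (CREATE_SUSPENDED create, WriteProcessMemory, SetThreadContext, ResumeThread from one process) are assumptions about what these signatures match; a lone SetThreadContext is deliberately not flagged because debuggers use it legitimately.

```python
"""Score a process API trace for the behaviours the report lists for the
Agent Tesla payload: a registry lookup of the configured country code
(geofence), access to Outlook profile keys, and SetThreadContext used as part
of a process-hollowing chain.

Added example; not the report's or the sandbox's own signature logic. The
trace format "<pid> <api>(<args>)", the registry paths and the hollowing
chain are assumptions for the example.
"""
import re
from collections import defaultdict

# Assumed trace line format: "<pid> <api>(<arguments>)".
TRACE_RE = re.compile(r"^(\d+)\s+(\w+)\((.*)\)\s*$")

# Registry paths these behaviours are commonly understood to touch (assumption).
# HKCU\Control Panel\International\Geo\Nation holds the configured country code.
GEO_RE = re.compile(r"control panel\\international\\geo", re.I)
# Outlook profiles live under <Office version>\Outlook\Profiles and, for older
# clients, Windows Messaging Subsystem\Profiles.
OUTLOOK_PROFILES_RE = re.compile(
    r"(\\outlook\\profiles|windows messaging subsystem\\profiles)", re.I)

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit for CreateProcess*

# Constructed trace: pid 1234 is the loader, pid 9999 is a benign debugger
# that also calls SetThreadContext but never created a suspended process.
SAMPLE_TRACE = r"""
1234 RegOpenKeyExW(HKEY_CURRENT_USER, "Control Panel\International\Geo")
1234 RegQueryValueExW(0x1a4, "Nation")
1234 RegOpenKeyExW(HKEY_CURRENT_USER, "Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook")
1234 RegEnumKeyExW(0x1b0, 0)
1234 CreateProcessW("C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe", flags=0x4)
1234 WriteProcessMemory(hProcess=0x2c8, pid=5678, size=454656)
1234 SetThreadContext(hThread=0x2cc, tid=5679)
1234 ResumeThread(hThread=0x2cc)
9999 SetThreadContext(hThread=0x114, tid=1001)
9999 ResumeThread(hThread=0x114)
"""

FLAGS_RE = re.compile(r"flags=(0x[0-9a-fA-F]+|\d+)")


def score_trace(trace: str) -> dict:
    """Return {pid: sorted list of behaviour tags} for every pid that matched."""
    findings = defaultdict(set)
    # Per-pid hollowing stages reached so far, in order:
    # suspended_create -> remote_write -> context_set -> (ResumeThread) flag.
    stages = defaultdict(set)
    for line in trace.strip().splitlines():
        m = TRACE_RE.match(line.strip())
        if not m:
            continue
        pid, api, args = m.groups()
        if api.startswith(("RegOpenKeyEx", "RegQueryValueEx")):
            if GEO_RE.search(args):
                findings[pid].add("geofence_country_lookup")
            if OUTLOOK_PROFILES_RE.search(args):
                findings[pid].add("outlook_profile_access")
        elif api.startswith("CreateProcess"):
            fm = FLAGS_RE.search(args)
            if fm and int(fm.group(1), 0) & CREATE_SUSPENDED:
                stages[pid].add("suspended_create")
        elif api == "WriteProcessMemory" and "suspended_create" in stages[pid]:
            stages[pid].add("remote_write")
        elif api == "SetThreadContext":
            # Only meaningful after a suspended create plus a remote write;
            # a bare SetThreadContext is what a debugger does.
            if {"suspended_create", "remote_write"} <= stages[pid]:
                stages[pid].add("context_set")
        elif api == "ResumeThread" and "context_set" in stages[pid]:
            findings[pid].add("process_hollowing_chain")
    return {pid: sorted(tags) for pid, tags in findings.items()}


if __name__ == "__main__":
    for pid, tags in score_trace(SAMPLE_TRACE).items():
        print(pid, ", ".join(tags))
```

The geofence check here relies on the key path appearing in the RegOpenKeyEx call; a trace that only logs handles in RegQueryValueEx would need handle-to-path tracking, which is omitted for brevity.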