General
Target: 932811bab8ae845d0aa16b2b64d8d666bfaa291756738ecf9add076c1abb9b98
Size: 388KB
Sample: 220521-pvnqqsgad9
MD5: 52df66ffab4639de4991db0a0fbdc144
SHA1: 4d05d0723f8dd9f898ee8b97f24f1938fa8caaa2
SHA256: 932811bab8ae845d0aa16b2b64d8d666bfaa291756738ecf9add076c1abb9b98
SHA512: d27c90f26265d46b36128a6a083f8f82606418b7e05b06614888202cbe37030b82bd5f96c83c8233c3efedcec9d0dae1a6af29921f720ae4565b2b88cb9c5a3a
Static task: static1
Behavioral task: behavioral1
Sample: PRO029-T-IT-L_Electronics - Turkmenistan.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PRO029-T-IT-L_Electronics - Turkmenistan.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.century1991estate.com
Port: 587
Username: rosto@century1991estate.com
Password: mpius3902@
Targets
Target: PRO029-T-IT-L_Electronics - Turkmenistan.exe
Size: 442KB
MD5: a79749bc6863e10c26eb11584c4f345b
SHA1: 7b5361e6d2714eeca1042ad78632f37a521e66d0
SHA256: ec81caaa2e1246dac5787f5d99b2efde8251e889cdab987cfae838bebc0a85e2
SHA512: 81f0b51dd10f978e313a89dd3cfe7f927f6078fda31b8e9bf1bdbe736b0948bc1188376842ece3f51c06bc2d91bf43ae7cc3e5b3470202036385525813166ac4
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext