General

Target: 326866f45d9012b4997faa5c2d6d7b21421db4d7d60ee050b46dee9515a3ac40
Size: 541KB
Sample: 220521-px6dkabdep
MD5: 3dfd77505e49ecd3dc24b11af95dd688
SHA1: dc3bbbbb987ef4ae6087e57a98d9f693aba57695
SHA256: 326866f45d9012b4997faa5c2d6d7b21421db4d7d60ee050b46dee9515a3ac40
SHA512: 253507f38c9748687fb174a7d4d5c2644b96ce2d8a74f9104fde4aefe43cf0de61f1163002a019fd355825f3efc520f6ed0587f57cef52a7fdd9b3ae493895a6
Static task: static1

Behavioral task: behavioral1
  Sample: Purchase Inquiry Datasheet Of Listed Items.exe
  Resource: win7-20220414-en

Behavioral task: behavioral2
  Sample: Purchase Inquiry Datasheet Of Listed Items.exe
  Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
  Protocol: smtp
  Host: server122.web-hosting.com
  Port: 587
  Username: burna@cdperenco.com
  Password: OJZg,yx3yFHQ
Targets

Target: Purchase Inquiry Datasheet Of Listed Items.exe
Size: 786KB
MD5: de95d2e03aaff80b18b08e155642b266
SHA1: be1450801821cdc916570479e618a67090b82102
SHA256: a52c72aa195562b2f469e6dbc1e2e7534aec440d4674cedb788f3800286ecbbf
SHA512: 2fe944c2731b5e3103337dc571de08d78fd7c1c47d0dfc68cc996b3057d476ddbe72bff97bad6bd3c58deda53ba1257b319208f2de7e49677b477134d0794371
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext