General
- Target: 16e6d3573c9d2baff23f67eebd2cf90c3755023f3f03efb300fd0eeb5a282d7e
- Size: 362KB
- Sample: 220521-pyv9zsbdhr
- MD5: 385e8870690a28b6253b3376e48b7476
- SHA1: fa6e3b318239d4a8e579de9fc6d1ad916bf2440c
- SHA256: 16e6d3573c9d2baff23f67eebd2cf90c3755023f3f03efb300fd0eeb5a282d7e
- SHA512: 6cefdb9b05607b30d0b4cc2bdae960c158e00f4b88d2b5a512b1383185ed2beff4494899c0a2149f485448fae0689436e879180f129d92b93087bb516ead5488
Static task: static1
Behavioral task: behavioral1
- Sample: PI-CP200213001-BR-PAK-Wire Bender CHR-08-3A UR130 for (Canwin).exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: PI-CP200213001-BR-PAK-Wire Bender CHR-08-3A UR130 for (Canwin).exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.israelagroconsultant.com
- Port: 587
- Username: info@israelagroconsultant.com
- Password: israelagro@123
Targets
- Target: PI-CP200213001-BR-PAK-Wire Bender CHR-08-3A UR130 for (Canwin).exe
- Size: 381KB
- MD5: b743c2227f2de908c452871bab7169c8
- SHA1: 18c63dc0f8446124ada2d9bcda0b3ce8d24327de
- SHA256: 00c549cab376f4115dfd046e19ffdfa21726213362d2dc1d035975b1686edf05
- SHA512: 70dad470bdfeee4dddd80e1287cec58a6be6e7903f1722b25e5f2478692e992e9be93e08baff7fe5118dafb90d91c8adbd1ea7f0193be6602e6a4baa3b90f59c
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext