General

Target: 1dc408f3f651caf2c45fc65d610f92bf6747b441c5f7c3f25dd6f781da83412b
Size: 703KB
Sample: 220521-xlny5sfcfk
MD5: 2a961ad47fc73bfbbfb035d70e5457e8
SHA1: fdc2f892f4a1a519669fd85713f18618c96a93d7
SHA256: 1dc408f3f651caf2c45fc65d610f92bf6747b441c5f7c3f25dd6f781da83412b
SHA512: 55deec48e3599b6ae57599266a83710ee09a417f3452a2122ab80a05569905612d0f44be15d40bfcdff133874b3fc21af780957abcd80730126b59d987376b13

Note that the hashes and size above describe the submitted file; they differ from those of Euro45000.exe under Targets, so the submission is a container from which the analysed executable was extracted.
Tasks

Static task: static1
Behavioral task: behavioral1 (Sample: Euro45000.exe, Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: Euro45000.exe, Resource: win10v2004-20220414-en)
Malware Config

Extracted: agenttesla (identical configuration recovered from both behavioral tasks)
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: businesslogs01@yandex.com
Password: password20@

These are the exfiltration credentials embedded in the sample: the stealer sends harvested data as e-mail through the attacker-controlled mailbox over SMTP submission (port 587) rather than to a dedicated C2 server.
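The SMTP configuration above gives a simple detection opportunity: an arbitrary user-land executable opening a connection to an SMTP submission port, or to the recovered exfiltration host, is anomalous on an endpoint where only a mail client should do that. The following is an added example (not part of the sandbox report) that runs that check over constructed network-connection events in a Sysmon-style key=value layout; the field names, the `|` separator and the allow-list of mail clients are assumptions for the example.

```python
"""Flag outbound SMTP connections made by processes that are not mail clients.

Added example, not code from the analysed sample or the sandbox. Event lines
below are constructed to resemble Sysmon Event ID 3 (network connection)
summaries; the field names and the '|' separator are assumptions.
"""
from dataclasses import dataclass

# SMTP ports AgentTesla-style exfil uses; 587 is the one in this report's config.
SMTP_PORTS = {25, 465, 587}

# Processes expected to speak SMTP directly; anything else is suspicious.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Exfiltration host recovered from the extracted configuration.
KNOWN_EXFIL_HOSTS = {"smtp.yandex.com"}


@dataclass(frozen=True)
class Alert:
    image: str
    dest_host: str
    dest_port: int
    reason: str


def parse_event(line: str) -> dict:
    """Split 'Key=Value|Key=Value' into a dict; tokens without '=' are ignored."""
    fields = {}
    for token in line.split("|"):
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields


def detect(lines):
    """Return one Alert per outbound SMTP connection from a non-mail process."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("Initiated", "").lower() != "true":
            continue  # inbound connections are out of scope
        try:
            port = int(ev.get("DestinationPort", ""))
        except ValueError:
            continue
        if port not in SMTP_PORTS:
            continue
        # Basename of the image path, case-folded for the allow-list lookup.
        image = ev.get("Image", "").replace("/", "\\").rsplit("\\", 1)[-1].lower()
        host = ev.get("DestinationHostname", "").lower()
        if image in MAIL_CLIENTS:
            continue  # a real mail client talking SMTP is expected
        if host in KNOWN_EXFIL_HOSTS:
            reason = "non-mail process connecting to known AgentTesla exfil host"
        else:
            reason = "non-mail process connecting to SMTP submission port"
        alerts.append(Alert(image, host, port, reason))
    return alerts


# Constructed sample events (not from the report's actual run).
SAMPLE_EVENTS = [
    r"Image=C:\Users\victim\Desktop\Euro45000.exe|Initiated=true|DestinationHostname=smtp.yandex.com|DestinationPort=587",
    r"Image=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE|Initiated=true|DestinationHostname=smtp.office365.com|DestinationPort=587",
    r"Image=C:\Windows\System32\svchost.exe|Initiated=true|DestinationHostname=update.microsoft.com|DestinationPort=443",
    r"Image=C:\Users\victim\AppData\Roaming\xyz.exe|Initiated=true|DestinationHostname=smtp.gmail.com|DestinationPort=465",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The host match is the high-confidence rule; the generic port rule will need tuning on hosts with legitimate scripts or agents that send mail, and it will miss samples whose configuration points at a different provider, which is why the allow-list is on the process rather than on the destination.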
Targets

Target: Euro45000.exe
Size: 913KB
MD5: 3e5f80a483571fa625e56a00661250f6
SHA1: 3b418712790d665aefcd8a907f4cefbf4f450716
SHA256: 01e0d6bbfccea03b1686c70b809788f3b81d804f28709a8f7f0dffcc8761d2d1
SHA512: d0ec0a4d53f359c239898d74475622cef6a0063e9368b1cb7b3486327a415b7c0a6fd58b90e5b351c27ced9dbe4c728627ba25aac42c1cc357a3c8b89f7b39f2
Signatures

AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer.

AgentTesla Payload
The unpacked payload was identified as AgentTesla.

Drops file in Drivers directory

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Accesses Microsoft Outlook profiles
Consistent with AgentTesla's harvesting of stored mail-client credentials.

Suspicious use of SetThreadContext
Commonly associated with process injection (e.g. hollowing a suspended process before resuming it).