General
- Target: ctf.exeqvekahke
- Size: 696KB
- Sample: 220522-f2a9jsahhl
- MD5: 8873c4eb8f79f88b60242a627d281d97
- SHA1: 9dd890362ea4edbca5180083c135455942e29c4c
- SHA256: 02c460bda27f5171c39df0fa18b8c103c0b9a5aed1a1a114b51e3b6758e77364
- SHA512: 4edfbfebd9762e8fd542e2096b66e913f83b6c53fac78ead9f620dac9a603cbb1d0749b22270beb9f25eaaf20100f6f6f1924aa3b57534709495235ae7ae4b1f
Static task: static1
Behavioral task: behavioral1
- Sample: ctf.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: ctf.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.storewel.com
- Port: 587
- Username: hr@storewel.com
- Password: windows8.1#
Extracted
agenttesla
- Protocol: smtp
- Host: mail.storewel.com
- Port: 587
- Username: hr@storewel.com
- Password: windows8.1#
Targets
- Target: ctf.exeqvekahke
- Size: 696KB
- MD5: 8873c4eb8f79f88b60242a627d281d97
- SHA1: 9dd890362ea4edbca5180083c135455942e29c4c
- SHA256: 02c460bda27f5171c39df0fa18b8c103c0b9a5aed1a1a114b51e3b6758e77364
- SHA512: 4edfbfebd9762e8fd542e2096b66e913f83b6c53fac78ead9f620dac9a603cbb1d0749b22270beb9f25eaaf20100f6f6f1924aa3b57534709495235ae7ae4b1f
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext