General
-
Target
tmp
-
Size
124KB
-
Sample
220522-lzvs3ahfc6
-
MD5
b5680d05c29db4aaac268573cd17a09b
-
SHA1
ac7706d6bad227adb8259aed7993febf85b87ed9
-
SHA256
2b3f4cc38db496db9fb26595087296fb5d9c0fe1114353ea8ffd8d4be1d5e4c6
-
SHA512
0abf232463e18148f95f614048e96975674155fcdbed7d3c31f95ebb7fc7d6d36f5ebbc907952971496995535ff49c73509b31853dc9d0776bf62468a333cae0
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.centraldefiltros.cl - Port:
587 - Username:
[email protected] - Password:
icui4cu2@@ - Email To:
[email protected]
Targets
-
-
Target
tmp
-
Size
124KB
-
MD5
b5680d05c29db4aaac268573cd17a09b
-
SHA1
ac7706d6bad227adb8259aed7993febf85b87ed9
-
SHA256
2b3f4cc38db496db9fb26595087296fb5d9c0fe1114353ea8ffd8d4be1d5e4c6
-
SHA512
0abf232463e18148f95f614048e96975674155fcdbed7d3c31f95ebb7fc7d6d36f5ebbc907952971496995535ff49c73509b31853dc9d0776bf62468a333cae0
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-