General
Target: 672efe599206140279ea2cccb9e646a5d031eaaf095d2ca7e2c1967fb0611ed7
Size: 538KB
Sample: 220524-1gxl9scgem
MD5: f8b29834f577fa100797a3ef71c093f6
SHA1: 9d0df3db593b3085e22309b090b25c3c7989b4eb
SHA256: 672efe599206140279ea2cccb9e646a5d031eaaf095d2ca7e2c1967fb0611ed7
SHA512: 50ded41d0bc711bebe02fb8bbb89e3d64de91b136c8eb5addc13e7d35793fd8b9efe51a47d492fcfea698c99c9ada2202200610fbb4ceeb745d0303a3cd957eb
Static task: static1
Behavioral task: behavioral1
  Sample: BL & Shipping Document PPTX.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: BL & Shipping Document PPTX.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.mosaiclayouts.com
Port: 587
Username: sales@mosaiclayouts.com
Password: UY$W4+]^+9;)7CF5
Targets
Target: BL & Shipping Document PPTX.exe
Size: 477KB
MD5: c243cc720d1eda1c6a13baee37b4c1d1
SHA1: 946a34575eb88801da37b1e6c46a9b6afc694182
SHA256: fe8b7dfe8bc6cf9d0bf54942b5bdb15a1f24cc9fd7b2f680413ec97885ec1118
SHA512: f72fdbcb27fa02127b61d80ee7e6556b37090bf15b1d14538ce4ab5dbc452f3d7585e0e1642a7875b17a1efb949e9d21e05829f62776fe77d0a42e568e1dfb67
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext