General
Target: 09f71363eeae20550c65800031e142057ca1ebe52be382b0cdc4ad35d8ddba1e
Size: 336KB
Sample: 220524-1nsa5ahbe5
MD5: 756dacf76917f79f5795958815e6dcf7
SHA1: 24f293e12498264c32d356ad42127cf950b10018
SHA256: 09f71363eeae20550c65800031e142057ca1ebe52be382b0cdc4ad35d8ddba1e
SHA512: c7a20e179e8cb2602fd4d93817ac14202286afa6763abd64cd18627bafdcded056e17263966ea929bf42bb27483653845f1fd059723ddd0030cfe16bd091bacb
Static task: static1
Behavioral task: behavioral1
  Sample: DOCUMENT.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: DOCUMENT.exe
  Resource: win10v2004-20220414-en
Malware Config
Targets
Target: DOCUMENT.exe
Size: 402KB
MD5: 80a0e44a0b9428e5c1c22669de4199c2
SHA1: 62a712d3b5ffcd9e63a4d91899b05c0fb11e03f3
SHA256: 02a155cd37b9928135915cc0ca32e4bb683335d1bc1fadec09bd667917e2c734
SHA512: 6a462ab876c1995bc8d1e42be965e31bedb395b831cddd3b8b0b1c68a0610a1efff0615d2baf630d924b03c27556ce763478bbda2a36e125b0b63b43024e8bb3
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Adds Run key to start application
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP address.
Suspicious use of SetThreadContext