General
Target: ed0a297e10bb621305115648783375beb0c379b1e2178f4a7470af515978889d
Size: 470KB
Sample: 220524-z88ceageh4
MD5: b711d2cc512a216f40540fe0d96815a6
SHA1: 0fdfba79e01ee574493cb679af9a6e212e7e6d01
SHA256: ed0a297e10bb621305115648783375beb0c379b1e2178f4a7470af515978889d
SHA512: 5279a905b1ca608191fe46b526bd754a5bb0f2a5b2eac62e53d58e17d6b68e305d95e8dfcb7d3fcdeda46c568d5b6fb6d548b112513a9c4e53b2525f487562dd
Static task: static1
Behavioral task: behavioral1
  Sample: स्थानांतरण प्रति 06-19-2020.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: स्थानांतरण प्रति 06-19-2020.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: ftp
Host: ftp://ftp.tde.ro/ (also reported in bare form as ftp.tde.ro)
Port: 21
Username: pascal@tde.ro
Password: playboy123
The same configuration was extracted three times across the analysis tasks and differs only in how the host is written; the duplicates are collapsed here. This account is the attacker's FTP drop for stolen credentials: treat the host, username and password as indicators for blocking and reporting, not as credentials to use, since the server may be a compromised legitimate host.
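The flattened config above is awkward to use as-is. The following Python script is an added example, not part of the sandbox report: it parses the three "Protocol: ftp- Host: ..." entries (REPORT_TEXT is a constructed copy of them), normalises the two host spellings, collapses the duplicates into a single IOC record, and renders a Suricata rule for the FTP login. The rule message, the SID and the FtpC2 record type are assumptions of this example.

```python
"""Normalise AgentTesla FTP exfiltration configs as printed by a sandbox report.

Reports often repeat the same extracted config once per analysis task, sometimes
with the host as a URL (ftp://ftp.tde.ro/) and sometimes bare (ftp.tde.ro).
This parser flattens the text, splits it into configs, normalises the host and
de-duplicates so the result is one record per distinct C2 endpoint.
"""
import re
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import urlparse

# Constructed copy of the three config blocks as they appear in the report.
REPORT_TEXT = """\
Protocol: ftp- Host:
ftp://ftp.tde.ro/ - Port:
21 - Username:
pascal@tde.ro - Password:
playboy123
Protocol: ftp- Host:
ftp://ftp.tde.ro/ - Port:
21 - Username:
pascal@tde.ro - Password:
playboy123
Protocol: ftp- Host:
ftp.tde.ro - Port:
21 - Username:
pascal@tde.ro - Password:
playboy123
"""

# Field separators in the flattened text: an optional-space "-" immediately
# before the next key ("ftp- Host:" and "21 - Username:" are both accepted).
SEP_RE = re.compile(r"\s*-\s*(?=(?:Host|Port|Username|Password):)")


@dataclass(frozen=True)
class FtpC2:
    """One exfiltration endpoint (assumed record shape for this example)."""
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_configs(text: str) -> List[Dict[str, str]]:
    """Return one raw key->value dict per 'Protocol:' entry in the report text."""
    flat = " ".join(text.split())               # collapse the line breaks
    configs = []
    for chunk in flat.split("Protocol:"):
        if not chunk.strip():
            continue                            # leading empty piece
        fields = {}
        for part in SEP_RE.split("Protocol:" + chunk):
            key, _, value = part.partition(":") # first colon only, keeps "ftp://"
            fields[key.strip()] = value.strip()
        configs.append(fields)
    return configs


def normalise_host(host: str) -> str:
    """Reduce 'ftp://ftp.tde.ro/' and 'ftp.tde.ro' to the same hostname."""
    if "://" in host:
        host = urlparse(host).hostname or host
    return host.strip("/").lower()


def extract_iocs(text: str) -> List[FtpC2]:
    """Parse, normalise and de-duplicate, preserving first-seen order."""
    seen, out = set(), []
    for c in parse_configs(text):
        ioc = FtpC2(c["Protocol"].lower(), normalise_host(c["Host"]),
                    int(c["Port"]), c["Username"], c["Password"])
        if ioc not in seen:
            seen.add(ioc)
            out.append(ioc)
    return out


def suricata_rule(ioc: FtpC2, sid: int) -> str:
    """Render a detection for the FTP USER command carrying the drop account.

    Matching on the username rather than the host catches the login even if
    the actor moves the account to another server (message and sid assumed).
    """
    return (f"alert tcp $HOME_NET any -> any {ioc.port} "
            f'(msg:"AgentTesla FTP exfiltration login to {ioc.host}"; '
            f'flow:established,to_server; content:"USER {ioc.username}"; '
            f"sid:{sid}; rev:1;)")


if __name__ == "__main__":
    for n, ioc in enumerate(extract_iocs(REPORT_TEXT), start=1000001):
        print(ioc)
        print(suricata_rule(ioc, n))
```

Running the script prints a single FtpC2 record for ftp.tde.ro:21 and one rule, even though the report lists the configuration three times.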
Targets
Target: स्थानांतरण प्रति 06-19-2020.exe (Hindi, roughly "transfer copy 06-19-2020.exe"; its hashes differ from the submitted sample listed under General)
Size: 494KB
MD5: d6f540ae573384978c6cfaaacfe100e9
SHA1: 0c260021351ec47e2f7e0fd6e698fc592778f36b
SHA256: 7776acf04971eb31d1ceca8e09d1b7579a39a7dbcef5759f051e9f3b49daaa72
SHA512: 75ee1fe50354dfa639a9fd98c646557ddf1415ed2882139f7c0ee7a6f2297da7d1f87124c0ad42b719e989c16093a6638b6b2f933f262e7d118bd8d302cc2218
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and credential stealer written in Visual Basic; the FTP account in the extracted configuration above is its exfiltration channel.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check that decides whether the payload runs in the victim's locale.
Accesses Microsoft Outlook profiles
Reads Outlook profile data, which is typically stored in the registry, consistent with harvesting saved mail credentials.
Suspicious use of SetThreadContext
Setting the thread context of another process is a common step in process hollowing: the payload is written into a suspended, legitimate process whose entry point is then redirected before the thread is resumed. Look for a child process whose in-memory image does not match its on-disk file.