General
Target: 098f0abe6aa81a26b7f8c7377b673da27b639e19444633161a487d07428abc1d
Size: 469KB
Sample: 220530-wspnkseef6
MD5: 61c1a54a3e28bdbba33206f53d116605
SHA1: 47af2a90883e0fc55adb5d2e6b26a00157bc657d
SHA256: 098f0abe6aa81a26b7f8c7377b673da27b639e19444633161a487d07428abc1d
SHA512: 4ca2e5e8f288ef8f50bb04800f98835dce69b2d1e786cba483b44d43d3b745fdaf1697ce0682d117e73197c0db3b6beea2ebe95eb95eb7b920107b9a13ac7bd7
Static task: static1
Behavioral task: behavioral1
  Sample: 098f0abe6aa81a26b7f8c7377b673da27b639e19444633161a487d07428abc1d.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 098f0abe6aa81a26b7f8c7377b673da27b639e19444633161a487d07428abc1d.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.pipingzone.com
Port: 587
Username: sales@pipingzone.com
Password: PQ^vN@^wm6
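The extracted config is the sample's exfiltration channel: stolen data is sent as mail through an authenticated SMTP submission (port 587) using the mailbox above, which is owned or hijacked by the operator. The following is an added example (not part of the sandbox output) that turns that config into hunt logic: it parses the Key: value block exactly as the report prints it and then scans log events for hosts that resolved the exfil host or submitted mail on port 587 to anything other than an assumed corporate relay. The log lines, the six-field event layout (ts, src, dst, dport, kind, detail) and the relay address 10.0.0.25 are constructed for the example.

```python
"""Hunt for the SMTP exfiltration channel from an extracted AgentTesla config.

Added example for this report, not part of the sandbox output.  The config
text is the one shown on the page; the log lines are constructed, not real
traffic, and the event layout is an assumption made to keep the example
self-contained.
"""
import ipaddress
from dataclasses import dataclass

# Config text exactly as the report prints it.
REPORT_CONFIG = """Protocol: smtp
Host: smtp.pipingzone.com
Port: 587
Username: sales@pipingzone.com
Password: PQ^vN@^wm6"""

# Constructed events, one per line: "ts src dst dport kind detail".
# kind is dns (detail = name queried) or conn (detail = service on the flow).
SAMPLE_LOG = """\
1653906001 10.0.0.12 10.0.0.1 53 dns smtp.pipingzone.com
1653906002 10.0.0.12 198.51.100.20 587 conn smtp
1653906010 10.0.0.33 10.0.0.1 53 dns www.example.org
1653906011 10.0.0.33 10.0.0.25 587 conn smtp
1653906020 10.0.0.12 10.0.0.25 25 conn smtp
"""

# Assumed corporate mail relay; submission to anything else is suspect.
ALLOWED_RELAYS = {ipaddress.ip_address("10.0.0.25")}


@dataclass(frozen=True)
class SmtpExfilConfig:
    host: str
    port: int
    username: str
    password: str


def parse_config(text):
    """Parse the 'Key: value' lines the report prints into a typed config."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    if fields.get("protocol", "").lower() != "smtp":
        raise ValueError("expected an SMTP config, got %r" % fields.get("protocol"))
    return SmtpExfilConfig(
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


def hunt(config, log_text):
    """Return (src_host, reason) pairs for events that match the config.

    Two signals: a DNS lookup of the exfil host, and an SMTP submission on the
    configured port to a destination that is not an allowed relay (the resolved
    address is not known from the report, so the port+service check covers it).
    """
    findings = []
    for line in log_text.splitlines():
        ts, src, dst, dport, kind, detail = line.split()
        if kind == "dns" and detail.lower() == config.host:
            findings.append((src, "resolved exfil host " + config.host))
        elif (kind == "conn" and int(dport) == config.port and detail == "smtp"
              and ipaddress.ip_address(dst) not in ALLOWED_RELAYS):
            findings.append((src, "smtp submission to non-relay %s:%s" % (dst, dport)))
    return findings


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    for host, reason in hunt(cfg, SAMPLE_LOG):
        print(host, reason)
```

Do not authenticate with the extracted credentials to "confirm" them: the mailbox may belong to a third party whose account was compromised rather than to attacker-registered infrastructure, and logging in from an analyst network both tips off the operator and can itself be unauthorized access. Report the abuse to the mail provider and block outbound submission to unapproved SMTP servers at the egress.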
Targets
Target: 098f0abe6aa81a26b7f8c7377b673da27b639e19444633161a487d07428abc1d
Size: 469KB
MD5: 61c1a54a3e28bdbba33206f53d116605
SHA1: 47af2a90883e0fc55adb5d2e6b26a00157bc657d
SHA256: 098f0abe6aa81a26b7f8c7377b673da27b639e19444633161a487d07428abc1d
SHA512: 4ca2e5e8f288ef8f50bb04800f98835dce69b2d1e786cba483b44d43d3b745fdaf1697ce0682d117e73197c0db3b6beea2ebe95eb95eb7b920107b9a13ac7bd7
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; its early versions were written in Visual Basic .NET. Signatures matched for this sample:
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely used as a geofence to avoid running in certain regions.
- Accesses Microsoft Outlook profiles: reads stored mail-client profile data, consistent with the credential theft the family is known for.
- Adds Run key to start application: persistence through a Run registry key; a matching key is also created by many legitimate installers, so treat the key name and target path as the indicator, not the technique alone.
- Suspicious use of SetThreadContext: setting the thread context of another process is the step that redirects execution in process hollowing and similar injection, so the target process of the call is worth pulling from the trace.
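The behavioural signatures above are matched by the sandbox against the sample's API trace. As an added example (not the sandbox's own signature engine), the block below re-derives all four from a constructed trace so the matching criteria are explicit. The trace lines and the "pid api target" event layout are constructed; the registry locations used in the rules are the usual ones for these behaviours (Control Panel\International\Geo for the country code, Outlook\Profiles for mail profiles, CurrentVersion\Run for persistence) and are assumptions about how the sandbox matched, not something the report states. The SetThreadContext rule additionally checks for a preceding WriteProcessMemory into the same target process, the pairing that characterises process hollowing.

```python
"""Re-derive the report's behavioural signatures from a constructed API trace.

Added example, not the sandbox's own signature logic.  The event layout
("<pid> <api> <target>") and the trace itself are constructed; the registry
paths in RULES are assumptions about how each signature is matched.
"""
import re
from collections import defaultdict

# Constructed trace: one event per line, "<pid> <api> <target>".
# Targets are registry paths or "pid:<n>" for cross-process operations.
SAMPLE_TRACE = r"""1234 RegOpenKeyExW HKCU\Control Panel\International\Geo
1234 RegQueryValueExW HKCU\Control Panel\International\Geo\Nation
1234 RegOpenKeyExW HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
1234 RegSetValueExW HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater
1234 WriteProcessMemory pid:5678
1234 SetThreadContext pid:5678
1234 ResumeThread pid:5678
9999 SetThreadContext pid:9999
"""

# Signature name -> (regex on the API name, regex on the target).
# Assumed registry locations for the three registry-based behaviours.
RULES = {
    "Checks computer location settings": (
        r"^Reg(Open|Query)", r"\\Control Panel\\International\\Geo"),
    "Accesses Microsoft Outlook profiles": (
        r"^Reg", r"\\Outlook\\Profiles|\\Windows Messaging Subsystem\\Profiles"),
    "Adds Run key to start application": (
        r"^RegSetValue", r"\\CurrentVersion\\Run(Once)?\\"),
}


def match_signatures(trace):
    """Return {signature name: [matching events]} for the trace.

    Registry rules are single-event matches.  SetThreadContext only counts
    when it targets a different process; if that process was also written to
    by WriteProcessMemory earlier in the trace the hit is tagged as the
    process hollowing pattern.
    """
    hits = defaultdict(list)
    written_to = defaultdict(set)  # pid -> remote pids it wrote memory into
    for line in trace.splitlines():
        pid, api, target = line.split(" ", 2)
        for name, (api_re, target_re) in RULES.items():
            if re.match(api_re, api) and re.search(target_re, target):
                hits[name].append(line)
        if target.startswith("pid:"):
            remote = target[4:]
            if api == "WriteProcessMemory":
                written_to[pid].add(remote)
            elif api == "SetThreadContext" and remote != pid:
                reason = "cross-process SetThreadContext"
                if remote in written_to[pid]:
                    reason += " after WriteProcessMemory (process hollowing pattern)"
                hits["Suspicious use of SetThreadContext"].append(reason + ": " + line)
    return dict(hits)


if __name__ == "__main__":
    for name, events in match_signatures(SAMPLE_TRACE).items():
        print(name)
        for event in events:
            print("   ", event)
```

The registry rules on their own are weak evidence: localisation libraries read the Geo key, mail clients read Outlook profiles, and installers write Run keys. What makes this sample's combination meaningful is that all of them come from the same process that also performs the cross-process SetThreadContext, so correlating hits by pid, as the function does by keeping the full event line, is the part worth carrying into a detection.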