General

- Target: 9b39828b28c9d575bb1d844c5fd6e1bb2a49ddfa02302e84caedd075b6625d1c
- Size: 397KB
- Sample: 220625-cq7a3aadcp
- MD5: 7fc4300a6f6dea00b341018b3366e8be
- SHA1: 05b8a1966cb6b423f9e0da49add7d7cd913a9c73
- SHA256: 9b39828b28c9d575bb1d844c5fd6e1bb2a49ddfa02302e84caedd075b6625d1c
- SHA512: dcc16e705fd42d295e64580585068aed496611506ae26783321e00f63d50bbd8efadff7573f0c6c8bcc59eb9009b1b0d88fa3d5cd778135e1c049bcc203bd26c
Static task: static1

Behavioral task: behavioral1
- Sample: 9b39828b28c9d575bb1d844c5fd6e1bb2a49ddfa02302e84caedd075b6625d1c.exe
- Resource: win7-20220414-en

Behavioral task: behavioral2
- Sample: 9b39828b28c9d575bb1d844c5fd6e1bb2a49ddfa02302e84caedd075b6625d1c.exe
- Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
- Protocol: smtp
- Host: smtp.jlumberg-ss.com
- Port: 587
- Username: admin@jlumberg-ss.com
- Password: Xj)b!tl4
Targets

- Target: 9b39828b28c9d575bb1d844c5fd6e1bb2a49ddfa02302e84caedd075b6625d1c
- Size: 397KB
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext