General

Target: 95b255236bbdf896b18bd1cabb397625b59179442b23b898e32bd6a89a2fa38d
Size: 447KB
Sample: 220625-ltvk4sfdek
MD5: 58db0bc82b773dbec995469b00352002
SHA1: 01f7466108fec8807850cd9f96d46065a0adf543
SHA256: 95b255236bbdf896b18bd1cabb397625b59179442b23b898e32bd6a89a2fa38d
SHA512: 2592ca48cf7f8410ae61c3ce2d86606e6c736611974f90295011ac814980ef27719991c8f484649358d3ae7d020e49738219850da4b069864f1ba1cc7d3c0561
Static task: static1

Behavioral task: behavioral1
Sample: 95b255236bbdf896b18bd1cabb397625b59179442b23b898e32bd6a89a2fa38d.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 95b255236bbdf896b18bd1cabb397625b59179442b23b898e32bd6a89a2fa38d.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.pipingzone.com
Port: 587
Username: sales@pipingzone.com
Password: PQ^vN@^wm6
Targets

Target: 95b255236bbdf896b18bd1cabb397625b59179442b23b898e32bd6a89a2fa38d
Size: 447KB
MD5: 58db0bc82b773dbec995469b00352002
SHA1: 01f7466108fec8807850cd9f96d46065a0adf543
SHA256: 95b255236bbdf896b18bd1cabb397625b59179442b23b898e32bd6a89a2fa38d
SHA512: 2592ca48cf7f8410ae61c3ce2d86606e6c736611974f90295011ac814980ef27719991c8f484649358d3ae7d020e49738219850da4b069864f1ba1cc7d3c0561
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext