General
Target: 900a8c1323a4c379b16a742171d24aefe84e5b77ff8dcca548da759de64fd5c4
Size: 372KB
Sample: 220701-dwfwqsbgd4
MD5: 94c03672b3502acbb9e76b90084e206b
SHA1: 10457af028d473eaba4f99462b378b6bc67e7f53
SHA256: 900a8c1323a4c379b16a742171d24aefe84e5b77ff8dcca548da759de64fd5c4
SHA512: 13cec51caaddda90819583b1877c43ae2176098c58c57f5ddf54a165d87ddda2ba60cdaef19663fb9e945e85287980ea5b2ab67841af0d24be78f79937d7ac6c
Static task: static1
Behavioral task: behavioral1
  Sample: 900a8c1323a4c379b16a742171d24aefe84e5b77ff8dcca548da759de64fd5c4.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 900a8c1323a4c379b16a742171d24aefe84e5b77ff8dcca548da759de64fd5c4.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.senaussfreezone.com
Port: 587
Username: hamed@senuessfreezone.com
Password: Moscow2018
Targets
Target: 900a8c1323a4c379b16a742171d24aefe84e5b77ff8dcca548da759de64fd5c4 (372KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext