General
-
Target
4c53652f67c049b1abe6b0728af295376d5cec9c6e5bf765240482ef550365f0
-
Size
645KB
-
Sample
220701-hmpjqsgfbq
-
MD5
e38a0737d98afb1ce2a1ec8810d15339
-
SHA1
aca4251310ceaee50daefb3e992804b8637ccd8a
-
SHA256
4c53652f67c049b1abe6b0728af295376d5cec9c6e5bf765240482ef550365f0
-
SHA512
c861b7c2d6dcd6300ed91ff58edf781b8b8a256f3f3c71ae4490d1435477e4640c03e37610a4cd80ecfa305a23ae084f7281a6c19d4898dd010ee58800a30f32
Static task
static1
Behavioral task
behavioral1
Sample
4c53652f67c049b1abe6b0728af295376d5cec9c6e5bf765240482ef550365f0.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
4c53652f67c049b1abe6b0728af295376d5cec9c6e5bf765240482ef550365f0.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
4c53652f67c049b1abe6b0728af295376d5cec9c6e5bf765240482ef550365f0
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-