General
-
Target
Purchase order PO 137691-Prices.exe
-
Size
77KB
-
Sample
220706-e8sxhaagd6
-
MD5
cf6bd5ec5a6e342d178606342c4ed570
-
SHA1
07d672b6844c6ae6e7a24d2f5b70303c584689de
-
SHA256
3fbd622eb1a9ecc989c5938bc7d4368096a4be0035d727a636bfcf00c870b1fd
-
SHA512
ec49e9a6f8af2eb87b80e86d584762a01b8762ba7c9e470a7151c31c3308002a939cbfdfb6adf93a44d83f39a68c2fe5792f2c7b44e9d10232ddb3cefcd3316b
Static task
static1
Behavioral task
behavioral1
Sample
Purchase order PO 137691-Prices.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Purchase order PO 137691-Prices.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.agro-egypt.com - Port:
587 - Username:
mustafa@agro-egypt.com - Password:
Alex@306
Extracted
agenttesla
Protocol: smtp- Host:
mail.agro-egypt.com - Port:
587 - Username:
mustafa@agro-egypt.com - Password:
Alex@306 - Email To:
wokwok507@yandex.com
Targets
-
-
Target
Purchase order PO 137691-Prices.exe
-
Size
77KB
-
MD5
cf6bd5ec5a6e342d178606342c4ed570
-
SHA1
07d672b6844c6ae6e7a24d2f5b70303c584689de
-
SHA256
3fbd622eb1a9ecc989c5938bc7d4368096a4be0035d727a636bfcf00c870b1fd
-
SHA512
ec49e9a6f8af2eb87b80e86d584762a01b8762ba7c9e470a7151c31c3308002a939cbfdfb6adf93a44d83f39a68c2fe5792f2c7b44e9d10232ddb3cefcd3316b
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-