General
- Target: 552ef08623f28b4c41e1df65c2c09323965c408a5edbc49990b6eeeb0b51ff76
- Size: 1.0MB
- Sample: 221125-knknaahg61
- MD5: 52a916b74fab3f2c9d2b2775bbd28642
- SHA1: 68e1ae1586f6aa2370ad2fac71efead1f12b3875
- SHA256: 552ef08623f28b4c41e1df65c2c09323965c408a5edbc49990b6eeeb0b51ff76
- SHA512: b6a763b63bd45babaeaa49131077fec9dd7edb34ecc6ddfa3b5ab3f03d668ff9ad4a03a5c52164c6ef2ea32b0e4a698b48d193a728d6f948679397831724490a
- SSDEEP: 24576:I7bLoEslXMhl31Ju53x5K8yRAX4LJlR0//H:IDbsxMH1o53x5K8yRAX4LJn0n
Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: 552ef08623f28b4c41e1df65c2c09323965c408a5edbc49990b6eeeb0b51ff76.exe
  Resource: win7-20220812-en
- Behavioral task: behavioral2
  Sample: 552ef08623f28b4c41e1df65c2c09323965c408a5edbc49990b6eeeb0b51ff76.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.sky-qrp.com
- Port: 587
- Username: [email protected]
- Password: h!xUls&%FS,V
Targets
- Target: 552ef08623f28b4c41e1df65c2c09323965c408a5edbc49990b6eeeb0b51ff76
- Size: 1.0MB
- MD5: 52a916b74fab3f2c9d2b2775bbd28642
- SHA1: 68e1ae1586f6aa2370ad2fac71efead1f12b3875
- SHA256: 552ef08623f28b4c41e1df65c2c09323965c408a5edbc49990b6eeeb0b51ff76
- SHA512: b6a763b63bd45babaeaa49131077fec9dd7edb34ecc6ddfa3b5ab3f03d668ff9ad4a03a5c52164c6ef2ea32b0e4a698b48d193a728d6f948679397831724490a
- SSDEEP: 24576:I7bLoEslXMhl31Ju53x5K8yRAX4LJlR0//H:IDbsxMH1o53x5K8yRAX4LJn0n

Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext