General
Target: 1d0df1a32a2668c35c848250b8c7809fb571454e26d75437942c67ae2d3f3f12
Size: 2.1MB
Sample: 221204-ty8yasfb52
MD5: 6371ea30694e80ab36d41c97e833d15b
SHA1: eed7dffcb05116c1e7326efd3182a366e251015e
SHA256: db40550973c646958d44e6f7d85381d0a32c66b5ac5c947108a6ba1c7ea53e49
SHA512: 51af8edd980f6054d6cb74bab965555a20833c56680620f4b11b9e01cddf3ed638a22cc6c8674ecb936c6faf0920780337196388252870472eb415f98ab87a7c
SSDEEP: 49152:aBgQdYNq60soSToEJl9i5I/RwLerAVm5LMXqf8AHA:UgQdYwmLJuSrAqLMjT
Static task: static1
Behavioral task: behavioral1
  Sample: 1d0df1a32a2668c35c848250b8c7809fb571454e26d75437942c67ae2d3f3f12.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 1d0df1a32a2668c35c848250b8c7809fb571454e26d75437942c67ae2d3f3f12.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted (family: agenttesla)
  Protocol: smtp
  Host: smtp.gmail.com
  Port: 587
  Username: [email protected]
  Password: pifgweijlylkellk
Targets
Target: 1d0df1a32a2668c35c848250b8c7809fb571454e26d75437942c67ae2d3f3f12
Size: 2.1MB
MD5: ac218915a4631cb36a1674880cf8e97b
SHA1: daaae1e4baa600e4f39f86b194c6b48ba6bb1cc6
SHA256: 1d0df1a32a2668c35c848250b8c7809fb571454e26d75437942c67ae2d3f3f12
SHA512: 8051f251409b79471ccc9a83ce6f26a6bc410e9fdccfb6036239fe698518b2e7353524fb83a6e0e53816c21171225bc928611ea4e72d1fb6559ea1104c386fa9
SSDEEP: 49152:Ql+QbYXigSsoSTKyJTbihO1b2LITEzk5nC1KfWCX:i+QbYCmfJ80TEqnCZE
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext