General
- Target: PO_4500003061 signed copy.exe
- Size: 880KB
- Sample: 221207-h3s7vseh53
- MD5: 9bd1c9256c64814f6c83e3a76f60c42c
- SHA1: b7867985ca8a61d942e82a021e27b9dbea5c0b42
- SHA256: 59e009667dbb1344d0639b171763fe0d79b27e4419df4ee9829b7789197cc6e4
- SHA512: ec602de86a0eaf3472a2bade71d66b05e3fb833a14392baae9bf699a46aebbd8c2892cea2ecca9ec8b79d3a68a6f86c43bf267888bc83607fecd40bbf24fa102
- SSDEEP: 24576:mvH2Mj6pEyFxCUVZHp24gBxIKH9zPlESv:mvWMu6yFVVxp24gBzRP+Sv
Static task: static1
Behavioral task: behavioral1
- Sample: PO_4500003061 signed copy.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: PO_4500003061 signed copy.exe
- Resource: win10v2004-20220901-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.saudlunion.com
- Port: 587
- Username: [email protected]
- Password: QkOo#D#4
Targets
- Target: PO_4500003061 signed copy.exe
- Size: 880KB
- MD5: 9bd1c9256c64814f6c83e3a76f60c42c
- SHA1: b7867985ca8a61d942e82a021e27b9dbea5c0b42
- SHA256: 59e009667dbb1344d0639b171763fe0d79b27e4419df4ee9829b7789197cc6e4
- SHA512: ec602de86a0eaf3472a2bade71d66b05e3fb833a14392baae9bf699a46aebbd8c2892cea2ecca9ec8b79d3a68a6f86c43bf267888bc83607fecd40bbf24fa102
- SSDEEP: 24576:mvH2Mj6pEyFxCUVZHp24gBxIKH9zPlESv:mvWMu6yFVVxp24gBzRP+Sv
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext