General
Target: SOHD5510420.Scr.exe
Size: 880KB
Sample: 221207-h56kzahh9t
MD5: a968d6ad57890d14a90d141bdf701a6f
SHA1: 850a3b7eb6d6251385c22dd9ddf1103714ae63c7
SHA256: a32619cd26fbb97072657ec6a481d4f4fd6c51b72ea5ea0837006d9a8dd24800
SHA512: 8cf15a33bb90f5e62e21914edb533048a7605022cbbcd7284e583d5b9230402a6dbd194668216beafc5f651265fb964513593ccc133450e0b5fb46972ce140af
SSDEEP: 12288:cFoQgKZ/nXt7virmWhlGLaQYIM9plrYowdeGy31hxaiNQZQ8mPSH9sz25mIGIIKP:cENE/yFhsKwH9sz28IGIIK8DErr
Static task: static1
Behavioral task: behavioral1
Sample: SOHD5510420.Scr.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: SOHD5510420.Scr.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: work-toolz.click
Port: 587
Username: [email protected]
Password: 3HLkst~=QzD3
Targets
Target: SOHD5510420.Scr.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Executes dropped EXE
- Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext