General

Target: SOHD5510420.Scr
Size: 880KB
Sample: 221207-h5vtgahh7v
MD5: a968d6ad57890d14a90d141bdf701a6f
SHA1: 850a3b7eb6d6251385c22dd9ddf1103714ae63c7
SHA256: a32619cd26fbb97072657ec6a481d4f4fd6c51b72ea5ea0837006d9a8dd24800
SHA512: 8cf15a33bb90f5e62e21914edb533048a7605022cbbcd7284e583d5b9230402a6dbd194668216beafc5f651265fb964513593ccc133450e0b5fb46972ce140af
SSDEEP: 12288:cFoQgKZ/nXt7virmWhlGLaQYIM9plrYowdeGy31hxaiNQZQ8mPSH9sz25mIGIIKP:cENE/yFhsKwH9sz28IGIIK8DErr
Static task: static1

Behavioral task: behavioral1
  Sample: SOHD5510420.scr
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: SOHD5510420.scr
  Resource: win10v2004-20220812-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: work-toolz.click
Port: 587
Username: [email protected]
Password: 3HLkst~=QzD3
Targets

Target: SOHD5510420.Scr
Size: 880KB
Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext