General
-
Target
DATASHEET PR-NO40.exe
-
Size
151KB
-
Sample
230330-qm3qcscg79
-
MD5
d160c471d9f3f14e2516fce839f4d644
-
SHA1
59a97c4a298027af647cf2a7738030da6fc062d9
-
SHA256
1d0a3d165801a8cc1afce2a96c47e613927f5e1e2dbb11ed4e896f8bb31a3322
-
SHA512
856435a5fe28c14313c8d0fc48fd2efc249068f2518d1205d9c2ae155fe268c2b2103e61b122759fedacbaf0b7ec176c2c19c58a3806d00e9325b9896e864069
-
SSDEEP
1536:ib/cbvy5+BHJ9AJWtKUCoogCgG5cDf3Wi10GdJDbeQl7P:/bvyoJ9SIjGu73WK0GTDfl7P
Static task
static1
Behavioral task
behavioral1
Sample
DATASHEET PR-NO40.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
DATASHEET PR-NO40.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.tecnowares.com
Port: 587
Username: m.auletta@tecnowares.com
Password: pY$WNuY3@@wed
Email To: eretih@tecnowares.com
Targets
-
-
Target
DATASHEET PR-NO40.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-