General
- Target: B35@6B.exe
- Size: 586KB
- Sample: 220724-tbmfsahgbl
- MD5: 6753a24ed2a75dbd488c0a1783f03d05
- SHA1: 70c061619c4ebbbb111923257e76cd3cef5b3618
- SHA256: a9b46ddb3ed98e2ca5e71253a69f686e1f618f724821eb98b52b812844117f33
- SHA512: f7ffb706831a980a4fb1a631de7a7e594de3b95f490b869291439c828ed77afce69f168ac5e23b105fca5709d6f07b662a080cdce49dd81fd3db0b938465d588
Static task
- static1

Behavioral task
- behavioral1
- Sample: B35@6B.exe
- Resource: win7-20220718-en

Behavioral task
- behavioral2
- Sample: B35@6B.exe
- Resource: win10v2004-20220721-en
Malware Config

Extracted
- Protocol: smtp
- Host: multimetals.cfd
- Port: 587
- Username: logs@multimetals.cfd
- Password: logs@multimetals.cfd

Extracted (agenttesla)
- Protocol: smtp
- Host: multimetals.cfd
- Port: 587
- Username: application/x-www-form-urlencoded
- Password: logs@multimetals.cfd
- Email To: asset@multimetals.cfd
Targets
- Target: B35@6B.exe
- Size: 586KB
- MD5: 6753a24ed2a75dbd488c0a1783f03d05
- SHA1: 70c061619c4ebbbb111923257e76cd3cef5b3618
- SHA256: a9b46ddb3ed98e2ca5e71253a69f686e1f618f724821eb98b52b812844117f33
- SHA512: f7ffb706831a980a4fb1a631de7a7e594de3b95f490b869291439c828ed77afce69f168ac5e23b105fca5709d6f07b662a080cdce49dd81fd3db0b938465d588

Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext