General
- Target: 4EBE6@3.exe
- Size: 626KB
- Sample: 220805-lgghqahgc5
- MD5: ade71491b076ca7a43effaf0214dd030
- SHA1: 75623647a35d7bfbfc0df5dfc24646c8d53367d1
- SHA256: 81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2
- SHA512: 0ce24d7d57ef34725fc806b07d54e1423d4c685f81a5471a73f2de18bec01e2c0b4272f30b7a7304847ee478c5f68dfc3a2ea0958b1c4f8be5761a35b801a203
Static task
- static1

Behavioral task
- behavioral1: Sample 4EBE6@3.exe, Resource win7-20220718-en

Behavioral task
- behavioral2: Sample 4EBE6@3.exe, Resource win10v2004-20220721-en
Malware Config
Extracted
- Protocol: smtp
- Host: multimetals.cfd
- Port: 587
- Username: logs@multimetals.cfd
- Password: logs@multimetals.cfd

Extracted (agenttesla)
- Protocol: smtp
- Host: multimetals.cfd
- Port: 587
- Username: application/x-www-form-urlencoded
- Password: logs@multimetals.cfd
- Email To: asset@multimetals.cfd
Targets
- Target: 4EBE6@3.exe (626KB; hashes as listed under General)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext