General
-
Target
694426ae6f09cfd3d70eadd9d464f6174c44d7b4651eaabddbd7a9e5685808e1
-
Size
758KB
-
Sample
220520-29qvvsgea7
-
MD5
d2f1b6a9b3947fd2e97377ab1b88cc53
-
SHA1
d4328e0d4c3704231bf815ff554e7a527bd6041e
-
SHA256
694426ae6f09cfd3d70eadd9d464f6174c44d7b4651eaabddbd7a9e5685808e1
-
SHA512
0311afd779fe13f1b9e97ca9bf6b80db40053cd7f3b16e82a433615f439a43f4fe0e162b0cf4f5e599d0c7c9f4d44e70267dbc0e0f673248a0733765b32cd1ad
Static task
static1
Behavioral task
behavioral1
Sample
INQUIRY No. 280720205467_pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
INQUIRY No. 280720205467_pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.specialmetal.ir - Port:
587 - Username:
[email protected] - Password:
02188985257
Targets
-
-
Target
INQUIRY No. 280720205467_pdf.exe
-
Size
894KB
-
MD5
54002d33966a416406390a7336571eb8
-
SHA1
0e91f8bf64d008057b27549ffabc8ba53b76b72f
-
SHA256
a8f804c2312a502e0eef99eb4582dbb7037bcf89031f707070f97a8ba53e5fb7
-
SHA512
34aa4ee50387cfc7b371de4cdbc061dcc175de9e5e2fcfd3e36074b33b77bb932872b0de5fefe0e689a1626b9e565946ab96097263855aebb6877e94ff9f2190
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-