General
- Target: abcba065d8902f508e86614c9c0d16289dec443f64fb412bd040641473488ed8
- Size: 561KB
- Sample: 220520-2a9hxsfad3
- MD5: f4e3ce75bc7891fea6a83a55bc9fa691
- SHA1: b9594975367f1d2315dac869f06c036b43f7d593
- SHA256: abcba065d8902f508e86614c9c0d16289dec443f64fb412bd040641473488ed8
- SHA512: dd462e273a5d5b40144182ea276e8c939d45a4593a480f57743e6abf9552e115634bf2487c3f3140922b26ac2ea89ede74eca0f9ec4ae5ae6af41664a1a7e776
Static task: static1
Behavioral task: behavioral1
- Sample: Bank Report.pdf.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Bank Report.pdf.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.coffiices.com
- Port: 587
- Username: [email protected]
- Password: E5%lCvZ{l[6FG
Targets
- Target: Bank Report.pdf.exe
- Size: 622KB
- MD5: 609427cc5598d5183654e09fc7312067
- SHA1: da0d6d1050134e74e291bfd4f95069af2d661e2b
- SHA256: dbf694fcd9a32d44e248d929d8e76c8c2e64645f591f604be81f4fe46fde7945
- SHA512: 5a99a050270dd95ef835447a39bb2f604de9bc8861f8b25df621e8be32dbdc4c78ba4dbfa980bb452a353db64da562ebe5f18a4b2728922ede72536b25317be3
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext