General
Target: 20b1ddb78fe23b024bf7d824cb12a71aab844b5d8e4c956c778b8606bcdbdc34
Size: 551KB
Sample: 220520-2mfrdaafdq
MD5: e655ff8b96cb654d570550ca2dff85be
SHA1: 305e9a72daff480daf51a78b3c62107222a5a22f
SHA256: 20b1ddb78fe23b024bf7d824cb12a71aab844b5d8e4c956c778b8606bcdbdc34
SHA512: 519c6d6a0a852ca5e19e353f532dcdf4ed0ef51575f9b0684144a052b6fc2b39b391b1772a26a1d853cf4e206a6417d55b51c12efb194f78fbc82ac9a6bc246e
Static task: static1
Behavioral task: behavioral1
  Sample: PDF45678234.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: PDF45678234.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: @jaffinmarknma@344
Targets
Target: PDF45678234.exe
Size: 598KB
MD5: 6a0ea6a397d1f0a4c8f2cab9ea382e13
SHA1: d1b5d3215858812d42d3c3b89f873cc48b4a1a5a
SHA256: 5c0413285df419d479d3dff547aaeed3e6866566f7c84fdf2fbf583a8616df32
SHA512: e26890dbfc606b8c59f4e8684be6b357e5210b03b733b711f3639bc4b685081bb46eeba2e25d7793ea460213cdb7727a0679890f354fcd83affc2d23038c8ef2
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Suspicious use of SetThreadContext