General
Target: aadeddf7085ebe4c3baef70203b5891e00ca771437f6a99176fe0ce99e965943
Size: 455KB
Sample: 220520-31shrshha9
MD5: 04c5f2dfa1565b642dc1172e884cb317
SHA1: 4f3570766f300b711805eb372a8fe5ccb5f7c547
SHA256: aadeddf7085ebe4c3baef70203b5891e00ca771437f6a99176fe0ce99e965943
SHA512: 4ae2e650e90dd74d56851d7c93557bdf8e45924c628492d09826cbc39862274ca32d3f410d4b1c8b3477f107b4550b8dfe74cdf7d67dd4db8c7ba5c34ebec7da
Static task: static1

Behavioral task: behavioral1
Sample: COTIZACIÓN__pdf_______________________________________________________________________________657575.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: COTIZACIÓN__pdf_______________________________________________________________________________657575.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: SMTP.epaindemgroup.com
Port: 587
Username: [email protected]
Password: aduR#@wG#r73
Targets
Target: COTIZACIÓN__pdf_______________________________________________________________________________657575.exe
Size: 558KB
MD5: ed125c3cecce28197ac78d02b2b726dc
SHA1: 936593ab3c355cc050d726d1ecb804734256eb91
SHA256: 068f8f5419192944a9428ea625fe56e1e8ad5cc35547988c335293975b952591
SHA512: 44800d2fbb240a54b36420eeb57d65f772f2ef0853392a9234d98108365e3006b79b2f131a659720c7d8917db6e4d6e33c14e619636a521e75819336fa8bbb40
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext