General
-
Target
67ce96526b3a1fd2df181a0e27fd1644705ecb0af4f746fd934925dbbfc8dde1
-
Size
479KB
-
Sample
220520-3cm85sgfc9
-
MD5
50973ff8d3aa1052103dd93e275a0478
-
SHA1
fe88f8c86d3d605942c14ec3a1c3a76d02ff0387
-
SHA256
67ce96526b3a1fd2df181a0e27fd1644705ecb0af4f746fd934925dbbfc8dde1
-
SHA512
7fdb91b5ce11df927081eee8fabba0375f11d843fe391a253b87c9c21a501ec3f19c71165f08f5e7736f35b0aeed16e2f88e85f69fbb18527354cc9f5bde9b85
Static task
static1
Behavioral task
behavioral1
Sample
REMITTANCE ADVICE IF01112000212823419.xls.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
REMITTANCE ADVICE IF01112000212823419.xls.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.blc.com.np
Port: 587
Username: [email protected]
Password: bhuramal
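The extracted config gives a hard indicator (the mail server and port the stealer submits stolen data to) and a softer one (an unexpected process speaking SMTP at all). The following is an added example, not part of the sandbox report, that turns both into a check over connection records. The host and port come from the config above (the username is redacted on the page and is not used); the pipe-separated record format, the process names, the timestamps and the list of processes expected to speak SMTP are constructed assumptions.

```python
"""Triage of Agent Tesla SMTP exfiltration against connection records.

Added example, not part of the sandbox report. EXFIL_CONFIG is taken from the
report's extracted config; the log format, the sample records and the
KNOWN_MAIL_CLIENTS list are constructed assumptions.
"""
from dataclasses import dataclass
from typing import List, Tuple

# Values from the extracted config (username omitted: it is redacted on the page)
EXFIL_CONFIG = {"protocol": "smtp", "host": "mail.blc.com.np", "port": 587}

# Ports on which SMTP submission or relay is normally seen
SMTP_PORTS = {25, 465, 587}

# Assumption: the only processes on this fleet that should speak SMTP directly
KNOWN_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


@dataclass(frozen=True)
class Connection:
    timestamp: str
    process: str
    dest_host: str
    dest_port: int


def parse_line(line: str) -> Connection:
    """Parse one constructed record: 'timestamp|image|dest_host|dest_port'."""
    ts, image, host, port = line.strip().split("|")
    return Connection(ts, image.lower(), host.lower(), int(port))


def classify(conn: Connection) -> str:
    """Return 'config_match', 'suspicious_smtp' or 'benign' for one connection."""
    if conn.dest_host == EXFIL_CONFIG["host"] and conn.dest_port == EXFIL_CONFIG["port"]:
        return "config_match"        # direct hit on the extracted exfil mail server
    if conn.dest_port in SMTP_PORTS and conn.process not in KNOWN_MAIL_CLIENTS:
        return "suspicious_smtp"     # generic: a non-mail process speaking SMTP
    return "benign"


def triage(lines: List[str]) -> List[Tuple[str, str, int, str]]:
    """Classify every record and return only the ones that need an analyst."""
    hits = []
    for line in lines:
        c = parse_line(line)
        verdict = classify(c)
        if verdict != "benign":
            hits.append((c.process, c.dest_host, c.dest_port, verdict))
    return hits


# Constructed sample records (not from the report); timestamps are illustrative.
SAMPLE_LOG = [
    "2022-05-20T15:01:02Z|chrome.exe|www.example.com|443",
    "2022-05-20T15:01:09Z|outlook.exe|smtp.example.org|587",
    "2022-05-20T15:02:41Z|REMITTANCE ADVICE IF01112000212823419.xls.exe|mail.blc.com.np|587",
    "2022-05-20T15:03:10Z|svchost.exe|203.0.113.7|25",
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
```

Running the block prints two hits: the sample process connecting to the configured server on 587 (config match) and a service host process talking to port 25 (generic SMTP rule). The generic rule is the one that survives after the actor rotates the mailbox, so keep it even when the host indicator has been added to a blocklist; tune KNOWN_MAIL_CLIENTS to what your fleet actually runs.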
Targets
-
Target
REMITTANCE ADVICE IF01112000212823419.xls.exe
-
Size
705KB
-
MD5
02b4cd91c80eb6395d1329beb9e20d15
-
SHA1
dd02b4a3c4e10fe21d4276e5d1e37eeb7ba38e3b
-
SHA256
0ccd73a94d46ffb3f88ab74256197c9cb5e15d87f017b5752ee557985138c1b4
-
SHA512
c16e27c117447765148b7e9999d4b01a70fb59a9b1e70c607e7c350e3967b92d0361c508b00c8a56994af49a1aad03525e959abd677a1fd19b7605b24071d014
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (commonly described as Visual Basic .NET). It harvests stored credentials, keystrokes and screenshots and exfiltrates them over SMTP, FTP, HTTP or Telegram; the config extracted from this sample uses SMTP to mail.blc.com.np on port 587 with a plaintext mailbox password, so both the mailbox login and the outbound connection are usable indicators. The file name's double extension (.xls.exe) poses as a remittance spreadsheet, the usual phishing-attachment lure for this family.
-
AgentTesla Payload
-
Drops file in Drivers directory
The report does not name the dropped file. Check whether it is drivers\etc\hosts, a common target for malware that wants to block security-vendor or update domains.
-
Checks computer location settings
Looks up the country code configured in the registry (typically the Nation value under HKCU\Control Panel\International\Geo), likely used as a geofence so the payload can refuse to run in selected countries.
-
Accesses Microsoft Outlook profiles
Reads the Outlook profile keys under HKCU, where account settings and stored credentials for configured mailboxes live; this is credential harvesting, not mail sending.
-
Adds Run key to start application
Persistence via a value under Software\Microsoft\Windows\CurrentVersion\Run in HKCU or HKLM; the report does not give the value name or the path it points to.
-
Suspicious use of SetThreadContext
SetThreadContext on another process's thread is the hallmark of process hollowing: a legitimate process is started suspended, its image is overwritten with the payload and the thread's entry point is redirected before ResumeThread. The report does not name the hollowed process.
-
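Three of the behaviours above (the Run-key persistence, the geofence lookup and the Outlook profile access) are registry activity, and they can be recovered from a registry trace without the sandbox's own signatures. The following is an added example, not part of the sandbox report, that classifies constructed registry events into those behaviours. The record format, the sample events and the value name written under Run are made up; the key paths are the standard Windows locations for each behaviour and are assumptions about what the report's signatures match on, not data taken from the report.

```python
"""Classify registry activity into the behaviours the report lists
(Run-key persistence, geofence lookup, Outlook profile access).

Added example, not part of the sandbox report. Records are constructed
'event|process|key|value_name' lines; the key patterns are assumptions about
what each behaviour looks like in a trace, not data from the report.
"""
import re
from typing import Dict, List

# Assumed (event types, key pattern) behind each behaviour in the report.
RULES = {
    "persistence_run_key": (
        {"set_value"},
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I),
    ),
    "geofence_check": (
        {"query_value"},
        re.compile(r"\\Control Panel\\International\\Geo$", re.I),
    ),
    "outlook_profile_access": (
        {"query_value", "enum_key"},
        # Outlook 2013+ keeps profiles under Office\<ver>\Outlook\Profiles; older
        # versions under Windows Messaging Subsystem\Profiles.
        re.compile(r"\\(Outlook|Windows Messaging Subsystem)\\Profiles\\", re.I),
    ),
}


def parse_event(line: str) -> Dict[str, str]:
    """Parse one constructed record: 'event|process|key|value_name'."""
    event, process, key, value = line.rstrip("\n").split("|", 3)
    return {"event": event, "process": process, "key": key, "value": value}


def match_rules(ev: Dict[str, str]) -> List[str]:
    """Return every behaviour whose event type and key pattern both match."""
    hits = []
    for name, (events, pattern) in RULES.items():
        if ev["event"] in events and pattern.search(ev["key"]):
            hits.append(name)
    return hits


def summarize(lines: List[str]) -> Dict[str, List[str]]:
    """Map each matched behaviour to the 'process -> key\\value' that triggered it."""
    out: Dict[str, List[str]] = {}
    for line in lines:
        ev = parse_event(line)
        for name in match_rules(ev):
            out.setdefault(name, []).append(f'{ev["process"]} -> {ev["key"]}\\{ev["value"]}')
    return out


# Constructed events (not from the report). The sample's file name is used as the
# process; the Run value name "Updater" and the profile GUID are made up.
SAMPLE = "REMITTANCE ADVICE IF01112000212823419.xls.exe"
EVENTS = [
    f"query_value|{SAMPLE}|HKCU\\Control Panel\\International\\Geo|Nation",
    f"set_value|{SAMPLE}|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|Updater",
    f"enum_key|{SAMPLE}|HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676|",
    "query_value|explorer.exe|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced|Hidden",
]

if __name__ == "__main__":
    for behaviour, evidence in summarize(EVENTS).items():
        print(behaviour)
        for item in evidence:
            print("   ", item)
```

The explorer.exe record matches nothing and is dropped, which is the point of pairing an event type with a key pattern: a Geo\Nation read alone is noise (locale-aware software does it), and it only becomes interesting when the same process also writes a Run value and enumerates mail profiles, so correlate the behaviours per process rather than alerting on any one of them.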