General
-
Target
f58569cf12f290aaf8ab11eef8aa242dc01528b5a7fbed2eb1deb601905211e4
-
Size
432KB
-
Sample
220520-3j7w5abhhj
-
MD5
65f427e771dd620051eea8492bebec3e
-
SHA1
c8b29af4e6daeb172ef4a3a2d9e6a3a4c8f8e71e
-
SHA256
f58569cf12f290aaf8ab11eef8aa242dc01528b5a7fbed2eb1deb601905211e4
-
SHA512
c482b9f5a3bf9c78abb79fb6236bca2691e12a1e32cef5b25a6411c52cfcf79fc4c4e22d561035501e91469f97f6de382d54cad29ec62adcfa501bfdb146c513
Static task
static1
Behavioral task
behavioral1
Sample
Swift copy.pdf,....exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Swift copy.pdf,....exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.ffiegypt.com
Port: 587
Username: [email protected]
Password: 12345678az
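The extracted config is the most actionable part of this report: the SMTP host and port are the exfiltration endpoint, and the mailbox credential is the attacker's collection account (report it to the provider; do not log in to it). The following is an added example, not code from the sandbox or from Agent Tesla: it parses the config text in either form the report exports (fields joined by " - " on one line, or one "Key: value" per line) and then sweeps connection-log lines for traffic to that endpoint. The log format (timestamp,src_ip,dst_host,dst_port) is an assumption, and all log lines are constructed for the example.

```python
"""Added example: parse an Agent Tesla SMTP config as a sandbox exports it,
then sweep connection-log lines for traffic to the exfiltration endpoint."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed input: the same config in the two layouts a report may use.
RAW_CONFIG = (
    "Protocol: smtp - Host: mail.ffiegypt.com - Port: 587 - "
    "Username: [email protected] - Password: 12345678az"
)
RAW_CONFIG_LINES = """Protocol: smtp
Host: mail.ffiegypt.com
Port: 587
Username: [email protected]
Password: 12345678az"""

# Constructed connection log (assumed format: timestamp,src_ip,dst_host,dst_port).
# Not real telemetry: two lines hit the exact endpoint, one hits the host on
# another port, one is benign.
CONN_LOG = """\
2022-05-20T03:12:07Z,10.0.0.5,mail.ffiegypt.com,587
2022-05-20T03:12:09Z,10.0.0.5,outlook.office365.com,443
2022-05-20T03:15:41Z,10.0.0.7,MAIL.FFIEGYPT.COM,587
2022-05-20T03:16:02Z,10.0.0.9,mail.ffiegypt.com,25
"""

# Only these keys start a field; a value runs until the next known key, so
# a value that itself contains "word:" (e.g. a URL) is not split.
KNOWN_KEYS = ("protocol", "host", "port", "username", "password")
_KEY = "|".join(KNOWN_KEYS)
_FIELD_RE = re.compile(rf"\b({_KEY}):\s*(.*?)(?=\s*-?\s*\b(?:{_KEY}):|$)", re.IGNORECASE)


@dataclass(frozen=True)
class AgentTeslaConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(raw: str) -> AgentTeslaConfig:
    """Turn the report's 'Key: value' text into a typed record.

    Whitespace is collapsed first so the one-per-line and the ' - '-joined
    layouts parse identically; the separator dash is optional in the regex.
    """
    flat = " ".join(raw.split())
    fields = {m.group(1).lower(): m.group(2).strip() for m in _FIELD_RE.finditer(flat)}
    missing = set(KNOWN_KEYS) - set(fields)
    if missing:
        raise ValueError(f"config missing fields: {sorted(missing)}")
    return AgentTeslaConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


def find_exfil(cfg: AgentTeslaConfig, conn_log: str) -> list[dict]:
    """Return one hit per log line that talks to the configured mail server.

    'host+port' is the exact exfiltration endpoint from the config;
    'host-only' flags the same server on another port, a weaker signal that
    is still worth triage because operators sometimes move ports.
    """
    hits = []
    for line in conn_log.splitlines():
        if not line.strip():
            continue
        ts, src, dst_host, dst_port = line.split(",")
        if dst_host.lower() != cfg.host:
            continue
        reason = "host+port" if int(dst_port) == cfg.port else "host-only"
        hits.append({"ts": ts, "src": src, "port": int(dst_port), "reason": reason})
    return hits


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(f"exfil endpoint: {cfg.protocol}://{cfg.host}:{cfg.port}")
    for h in find_exfil(cfg, CONN_LOG):
        print(f"{h['ts']} {h['src']} -> :{h['port']} [{h['reason']}]")
```

In a real environment the destination host would come from DNS or proxy logs correlated with the flow, since the sample resolves the hostname itself; the matching logic stays the same.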
Targets
-
Target
Swift copy.pdf,....exe
-
Size
611KB
-
MD5
046396ed46cad7eb60175d3c8e5ef031
-
SHA1
62fdb0cc9ed8ce1670c4eee6220d489927fa3b89
-
SHA256
0af16f11d3c4f8de65e4a6edba5d3ae82ea4e1b5a4ad5017b4e6363884998488
-
SHA512
3d63fdf4a92d9218cc8c4e6c167963a361436ea9a55d663c2ffc435a7adbef7dfa56876b0b55dfaa57f2f725d0ce84c6d85d7f07583e2d1bddb82b371f2867fc
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer written in Visual Basic (.NET). It harvests saved credentials from browsers, mail and FTP clients plus keystrokes and clipboard data, and exfiltrates them over SMTP, FTP or HTTP; the SMTP mailbox in the extracted config above is this sample's exfiltration channel.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check to avoid running in selected countries.
-
Accesses Microsoft Outlook profiles
Reads mail account settings and stored credentials from Outlook profile registry keys as part of its credential harvesting.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
Setting the context of a thread in another process is the final step of process hollowing (RunPE), a common way for .NET loaders to run the decrypted Agent Tesla payload inside a suspended legitimate process; dump that process's memory rather than the dropper to recover the payload.
-