General
Target: f3b0ee2242ceb0315fe98301b3dd516ee81fcfa9ceefb0ce57f1811f5dc602cf
Size: 632KB
Sample: 220520-3kj7fsbhhr
MD5: a9fa8e4e751d891fb1cab05d3c8c909a
SHA1: d35b8799303cd84a4e0bd6ddd27bff2677197ca7
SHA256: f3b0ee2242ceb0315fe98301b3dd516ee81fcfa9ceefb0ce57f1811f5dc602cf
SHA512: b325fdada79f1d4c475ec9617f29d992a3e89f2dd39616b8efb228c3e79548223d27be6a492d2ec3220c5e0dd6eb0657e8160c0ac5e4753a8edbd2703255b9fb
Static task: static1
Behavioral task: behavioral1
Sample: ARRIYADH NEW_PDF__________________________________________,,,,.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: ARRIYADH NEW_PDF__________________________________________,,,,.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: uchenna@&1992
Targets
Target: ARRIYADH NEW_PDF__________________________________________,,,,.exe
Size: 571KB
MD5: 006d990068baae87993c2c091f5ea371
SHA1: 79deb07d560ab7020a2053e4be9d5f613436f116
SHA256: dc819faf213b4e30194d132a5d5e1393392a735ddff185f7a958cad8817e3bf0
SHA512: 655df9e878a9254ef1cb42256f6a6de35265f4b177e761e909be0642cf11e501127e5b157d0c00f828393057d779ff5eae355082b175c2c2e6a6c66ae6c37dfe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely as a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext