General
-
Target
e161e75ce429f205391edd306be2e85b629d45c4f57a531b3c257d4216eaebe9
-
Size
529KB
-
Sample
220520-3nndaahca4
-
MD5
f672bc4cecd2cfa894099f2888c741c5
-
SHA1
5aaed903ed34a4ba368b352d39ac99a7badd209a
-
SHA256
e161e75ce429f205391edd306be2e85b629d45c4f57a531b3c257d4216eaebe9
-
SHA512
089d3c7ffa4780980584793d551552b7130a02f86b97ca44e8fdeb29fe450162c57a8e01817f2faac526be10c6e1bf51f3032b76ee4de206b3d236543d0d7a55
Static task
static1
Behavioral task
behavioral1
Sample
PO07212020_PDF.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PO07212020_PDF.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol
smtp
Host
mail.bosut.mk
Port
587
Username
[email protected]
Password
0XsKEemhd6EE
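The extracted config above is what an analyst turns into detections: the SMTP host and port are network IOCs, and the sample hashes in this report are file IOCs. The following Python is an added example, not part of the sandbox report or of Agent Tesla itself; it builds matchers from the page's values and runs them over a handful of constructed Zeek-style log records (field names, source addresses and the 185.0.0.1 address are assumptions made for the example). The mailbox username is elided on this page, so it is deliberately not used as a matcher.

```python
"""Turn the extracted Agent Tesla SMTP config and the report's sample hashes into
IOC matchers and run them over Zeek-style log records (constructed sample data)."""
from collections import defaultdict

# Network IOCs taken from the extracted config on this page.
AGENTTESLA_CONFIG = {
    "protocol": "smtp",
    "host": "mail.bosut.mk",
    "port": 587,
}

# MD5 / SHA1 / SHA256 of the two binaries in this report (SHA512 omitted for brevity).
SAMPLE_HASHES = {
    "f672bc4cecd2cfa894099f2888c741c5",
    "f9b83d22928f305ae1dfa7be13bdc3c6",
    "5aaed903ed34a4ba368b352d39ac99a7badd209a",
    "330a23efad6cf833b4a4a77f47fc78dd01f1c073",
    "e161e75ce429f205391edd306be2e85b629d45c4f57a531b3c257d4216eaebe9",
    "af8343cc25fb243e378897bcf5c22ff94287610ae86538862feb362e2382b456",
}

# Constructed sample records in the shape of Zeek conn/dns/smtp/files logs.
# Hosts, IPs and the 185.0.0.1 address are invented for the example.
EVENTS = [
    {"log": "conn", "src": "10.0.0.5", "dst": "185.0.0.1", "dst_port": 587, "proto": "tcp"},
    {"log": "dns", "src": "10.0.0.5", "query": "mail.bosut.mk"},
    {"log": "smtp", "src": "10.0.0.5", "server": "mail.bosut.mk", "dst_port": 587, "tls": True},
    {"log": "smtp", "src": "10.0.0.7", "server": "smtp.office365.com", "dst_port": 587, "tls": True},
    {"log": "files", "src": "10.0.0.5", "md5": "f9b83d22928f305ae1dfa7be13bdc3c6",
     "filename": "PO07212020_PDF.exe"},
]


def match_event(event, config=AGENTTESLA_CONFIG, hashes=SAMPLE_HASHES):
    """Return the IOC reasons one log record matches (empty list if none)."""
    reasons = []
    host = config["host"].lower()

    # DNS resolution of the exfiltration mail host.
    if event.get("log") == "dns" and event.get("query", "").lower() == host:
        reasons.append("dns:agenttesla_smtp_host")

    # SMTP session to the configured host; distinguish the configured port from
    # any other port so a changed config still surfaces.
    if event.get("log") == "smtp":
        server = event.get("server", "").lower()
        if server == host and event.get("dst_port") == config["port"]:
            reasons.append("smtp:agenttesla_exfil_host_port")
        elif server == host:
            reasons.append("smtp:agenttesla_exfil_host_other_port")

    # File hash match against the report's sample hashes (any algorithm).
    for algo in ("md5", "sha1", "sha256"):
        value = event.get(algo, "").lower()
        if value and value in hashes:
            reasons.append(f"hash:{algo}_known_sample")

    # A bare connection to tcp/587 is not flagged: legitimate submission
    # traffic uses the same port, so the port alone is too noisy.
    return reasons


def scan(events):
    """Group IOC hits by source address: {src: [reason, ...]}."""
    hits = defaultdict(list)
    for ev in events:
        for reason in match_event(ev):
            hits[ev.get("src", "?")].append(reason)
    return dict(hits)


if __name__ == "__main__":
    for src, reasons in scan(EVENTS).items():
        print(src, reasons)
```

The leaked SMTP credentials are also actionable, but on the defender's side: the mailbox owner should rotate the password and the account should be blocked at the mail gateway, rather than the credentials being used as a detection string.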
Targets
-
Target
PO07212020_PDF.exe
-
Size
1.1MB
-
MD5
f9b83d22928f305ae1dfa7be13bdc3c6
-
SHA1
330a23efad6cf833b4a4a77f47fc78dd01f1c073
-
SHA256
af8343cc25fb243e378897bcf5c22ff94287610ae86538862feb362e2382b456
-
SHA512
882fbe6eeb069c3b73604d77278028277ae00aee8774f76d16c1e01a623e0df53b97e45ae8469d59ce9dbad96bab9cda83900481d2ad92f5834299bea02adcd3
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
-
Accesses Microsoft Outlook profiles
Reads stored Outlook account settings from the registry, consistent with mail credential harvesting.
-
Suspicious use of SetThreadContext
Typical of process hollowing: the decoded payload is written into a suspended process and the thread's context is redirected to it.
-