General
- Target: d8b80f929fc91b93ed9f4381cdc275b3846354da266b9ded555157f7c7c15fc1
- Size: 471KB
- Sample: 220520-3p9mxaccal
- MD5: c3e8ab0de441172c7157fae99a3c4180
- SHA1: 8219d501b52d5d1d1681a296dbf38a88e7e19d8f
- SHA256: d8b80f929fc91b93ed9f4381cdc275b3846354da266b9ded555157f7c7c15fc1
- SHA512: 0067173b44be3960e145bb8ad7eef9966deedf759feda6eda5ae67036460b15fcbecd9afb98596da7420fae96540b8a8af5dd14cf6c5ca5b9ff8fdbc8fcf6443
Static task: static1
Behavioral task: behavioral1
- Sample: Swift copy.pdf.. (2).exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Swift copy.pdf.. (2).exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.stankovic.hr
- Port: 587
- Username: [email protected]
- Password: mp58zg
Targets
- Target: Swift copy.pdf.. (2).exe
- Size: 726KB
- MD5: d6f16dcc168e50d0f56ab75145967baa
- SHA1: 53e0b0dc082921fd979bcdaf51e22d57c13e35d7
- SHA256: a63ac2c19153c340a54a2be27ac53722f5c5a653fd851b32931add8fe353c6c3
- SHA512: ec36263b3df765414755641f32c0c9af54017140e406886514e94c2ac82d9c38d00c0cf7341d7e84df348c66a44de6b49167d7ff4344dd9139267739318f8ffa
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext