General

Target: d495956d568db173718d8460e6bf516577e90be224451da6c02c88aa0a579655
Size: 588KB
Sample: 220520-3q6bwacccp
MD5: 81f4676bf5d0e94c4eb841be074bd07d
SHA1: e0a48f069a2f0207d90377854bf094f233e79763
SHA256: d495956d568db173718d8460e6bf516577e90be224451da6c02c88aa0a579655
SHA512: 15dbfe2f93ec11637fae81dc45f35bc265a865f9282ec9a3c1176836258b8db750541653e624b3ca66c02e746e6c94c34f705f08ac4ec3b9775ed1ba76026b8a
Static task: static1
Behavioral task: behavioral1
  Sample: DOC pdf..exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: DOC pdf..exe
  Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.daafco.com
Port: 587
Username: [email protected]
Password: Rawan!@#
Targets

Target: DOC pdf..exe (an executable carrying a double-extension filename that poses as a PDF document)
Size: 918KB
MD5: 340263e4f03dadf6093525e05933334d
SHA1: 7c799fcf02eecb989f7a9b7389c42372aceaf6f2
SHA256: 9df842f4e228e241a4ca99bdf11e32cdf4c9d549f581d0b25b27271106db76d0
SHA512: 99c531bfcdbbe18b719921d2deefbe61afdc2220fa293dff83fdfb71bb823f2f30dba0b5e55331aae686a470aeec237faff4451ea16dcce4412ecc10eee7743b

- AgentTesla: Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET, that harvests credentials and keystrokes and exfiltrates them over SMTP, FTP or HTTP; this sample is configured for SMTP (see Malware Config above).
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, most likely as a geofence check before running the payload.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext: a call pattern commonly seen in process-hollowing (RunPE) loaders, which write the payload into a suspended process and redirect its thread context to the injected code.
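The report's indicators (the SMTP C2 host and port from the extracted config, the Run-key persistence, the registry country-code lookup and the Outlook profile access) can be turned into a host-telemetry check. The script below is an added example written for this page; it is not part of the sandbox report or of any sandbox tooling. The event format, the registry paths assumed to underlie the listed behaviours, the list of expected mail clients and the telemetry lines are all constructed for illustration and are assumptions, not facts recorded by the report.

```python
"""Match constructed host telemetry against the AgentTesla indicators in the report."""
import re

# Indicators taken from the report's extracted AgentTesla config
C2_SMTP_HOST = "mail.daafco.com"
C2_SMTP_PORT = 587

# Registry locations assumed (not stated by the report) to underlie the
# listed behaviours: Run-key persistence, the Geo\Nation country-code read,
# and Outlook profile enumeration.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I)
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
OUTLOOK_PROFILE_RE = re.compile(
    r"\\Software\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles\\", re.I)

# Processes for which outbound traffic on the mail submission port is expected (assumption)
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def parse_event(line: str) -> dict:
    """Parse one 'key=value;key=value' telemetry line (constructed format)."""
    return dict(kv.split("=", 1) for kv in line.strip().split(";") if "=" in kv)


def image_basename(ev: dict) -> str:
    """Lower-cased file name of the process that generated the event."""
    return ev.get("Image", "").rsplit("\\", 1)[-1].lower()


def classify(ev: dict) -> list:
    """Map one parsed event to zero or more finding tags."""
    image = image_basename(ev)
    etype = ev.get("Type")
    hits = []
    if etype == "NetworkConnect":
        host = ev.get("DestHost", "").lower()
        port = int(ev.get("DestPort", "0"))
        if host == C2_SMTP_HOST:
            hits.append("agenttesla_c2_host")
        # Submission-port traffic from anything other than a mail client is
        # the generic form of the SMTP exfiltration the config describes.
        if port == C2_SMTP_PORT and image not in MAIL_CLIENTS:
            hits.append("smtp_from_non_mail_client")
    elif etype == "RegistrySet" and RUN_KEY_RE.search(ev.get("Target", "")):
        hits.append("run_key_persistence")
    elif etype == "RegistryQuery":
        target = ev.get("Target", "")
        if GEO_NATION_RE.search(target):
            hits.append("geo_nation_lookup")
        if OUTLOOK_PROFILE_RE.search(target):
            hits.append("outlook_profile_access")
    return hits


def scan(lines) -> dict:
    """Return {process_name: sorted list of finding tags} for processes with findings."""
    report = {}
    for line in lines:
        ev = parse_event(line)
        tags = classify(ev)
        if tags:
            report.setdefault(image_basename(ev), set()).update(tags)
    return {image: sorted(tags) for image, tags in report.items()}


# Constructed telemetry for the sample named in the report; this is not sandbox output.
SAMPLE_EVENTS = [
    r"Type=RegistryQuery;Image=C:\Users\victim\Downloads\DOC pdf..exe;"
    r"Target=HKCU\Control Panel\International\Geo\Nation",
    r"Type=RegistryQuery;Image=C:\Users\victim\Downloads\DOC pdf..exe;"
    r"Target=HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook",
    r"Type=RegistrySet;Image=C:\Users\victim\Downloads\DOC pdf..exe;"
    r"Target=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\DOC pdf..exe",
    r"Type=NetworkConnect;Image=C:\Users\victim\Downloads\DOC pdf..exe;"
    r"DestHost=mail.daafco.com;DestPort=587",
    # Benign control: a real mail client using the submission port
    r"Type=NetworkConnect;Image=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE;"
    r"DestHost=smtp.office365.com;DestPort=587",
]

if __name__ == "__main__":
    for image, tags in scan(SAMPLE_EVENTS).items():
        print(image, tags)
```

The host match is the high-confidence signal tied to this sample's config; the port-based rule catches re-configured builds of the same family at the cost of needing an allow-list of legitimate mail clients, which is why the benign OUTLOOK.EXE event produces no finding.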