General
Target: d1ec9ff70f511b0daab7d597fe8c402fed5b5c3ca5fd4dbc9d0f0e2f93ae1a0d
Size: 448KB
Sample: 220520-3rzwgsccep
MD5: 5b2b75817e51937ea77c7518789c8e04
SHA1: 2d2684c4e189c86556c7f1b392acbac96b6afed0
SHA256: d1ec9ff70f511b0daab7d597fe8c402fed5b5c3ca5fd4dbc9d0f0e2f93ae1a0d
SHA512: c72bd0b423fe4b1dd2e2595c27e2c9d9643572e75f2f03257e070b3ec4c47353f822d9dfccc4a1512b43bab31dc32c1c6d939c27b83adb69973fae631f0032b7
Static task: static1
Behavioral task: behavioral1
Sample: PDF4023567.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PDF4023567.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: @jaffinmarknma@344
Extracted (second extraction, identical configuration)
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: @jaffinmarknma@344
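The extracted configuration gives the exfiltration channel: SMTP submission to smtp.yandex.ru on TCP/587, authenticated with the attacker's mailbox. The following detection logic is an added example, not part of the report or of any sandbox's own code. It takes Sysmon-style network connection events (Event ID 3 field names; the sample events are constructed here, not taken from the report's telemetry) and flags SMTP connections from processes that are not known mail clients, scoring a hit on the extracted host and port higher. The rule generalises beyond this sample: any SMTP submission from a non-mail process is worth a look, because that is the channel this family uses. The mail-client allowlist is an assumption, and the username is kept only as the placeholder shown on the page.

```python
"""Flag SMTP exfiltration from non-mail processes, seeded with the extracted AgentTesla config."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable, Optional

# Indicators copied from the configuration extracted in the report above. The username
# appears on the page only as the placeholder "[email protected]", so it is recorded but
# never used for matching (assumption: the real mailbox is not known to us).
EXTRACTED_CONFIG = {
    "protocol": "smtp",
    "host": "smtp.yandex.ru",
    "port": 587,
    "username": "[email protected]",
}

# Assumed allowlist of workstation processes that legitimately submit mail over SMTP.
MAIL_CLIENT_IMAGES = {"outlook.exe", "thunderbird.exe"}
# SMTP ports: 25 (relay), 465 (implicit TLS), 587 (submission, the one used here).
SMTP_PORTS = {25, 465, 587}


@dataclass
class Alert:
    severity: str          # "high" or "medium"
    image: str
    destination: str       # "host:port"
    reason: str


def _basename(image_path: str) -> str:
    """Last component of a Windows image path, lower-cased for comparison."""
    return image_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event: dict) -> Optional[Alert]:
    """Score one network connection event.

    1. ignore inbound connections and non-SMTP destination ports;
    2. ignore known mail clients (the only expected SMTP talkers on a workstation);
    3. HIGH if host and port match the extracted C2 configuration;
    4. MEDIUM for any other SMTP connection from a non-mail process.
    """
    if not event.get("Initiated", True):
        return None
    port = int(event.get("DestinationPort", 0))
    if port not in SMTP_PORTS:
        return None
    image = event.get("Image", "")
    if _basename(image) in MAIL_CLIENT_IMAGES:
        return None
    host = (event.get("DestinationHostname") or event.get("DestinationIp") or "").lower()
    destination = f"{host}:{port}"
    if host == EXTRACTED_CONFIG["host"] and port == EXTRACTED_CONFIG["port"]:
        return Alert("high", image, destination,
                     "connection to the SMTP exfiltration host from the extracted AgentTesla config")
    return Alert("medium", image, destination,
                 "SMTP submission from a process that is not a known mail client")


def scan(events: Iterable[dict]) -> list[Alert]:
    """Apply evaluate() to every event and keep the hits, in input order."""
    return [alert for alert in map(evaluate, events) if alert is not None]


# Constructed sample events (already parsed into dicts); not from the report's telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\victim\AppData\Local\Temp\PDF4023567.exe",
     "DestinationHostname": "smtp.yandex.ru", "DestinationPort": 587, "Initiated": True},
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587, "Initiated": True},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "DestinationHostname": "ctldl.windowsupdate.com", "DestinationPort": 443, "Initiated": True},
    {"Image": r"C:\Users\victim\Downloads\invoice.exe",
     "DestinationIp": "203.0.113.25", "DestinationPort": 465, "Initiated": True},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "198.51.100.7", "DestinationPort": 587, "Initiated": False},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"[{alert.severity.upper()}] {alert.image} -> {alert.destination}: {alert.reason}")
```

On the constructed events the first one (the payload talking to smtp.yandex.ru:587) scores high, the unknown binary on port 465 scores medium, and Outlook, HTTPS traffic and the inbound connection are ignored. Tune the allowlist to the mail clients actually deployed; a user-mode binary running from Temp or Downloads that opens an SMTP session is the behaviour to hunt for regardless of the destination.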
Targets
Target: PDF4023567.exe
Size: 702KB
MD5: b3fd61d7dc278f59457c6250830bb4f0
SHA1: fbd24d0fa9bca10177934481b39fbe02c651655a
SHA256: 97de6c160babaf971dcb6050553dca24d3979b994879387c2c1fee52156c02f0
SHA512: 446efc6570e738d1cbda85dcff906b8a738ffaa13e046978d01ec52c6f1d61eb42d566654f8b7c17556e868a7edc7ca2d8038cecb96c6111b6801f6460665909
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests stored credentials from browsers, mail clients and FTP clients and exfiltrates them over SMTP, FTP or HTTP; the SMTP configuration extracted above is that exfiltration channel.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook profiles
Reads Outlook profile data, consistent with the family's harvesting of stored mail-client credentials.
Suspicious use of SetThreadContext
Setting the context of a thread in another process is characteristic of process injection and hollowing, where the payload replaces the code of a newly created host process before it starts executing.