General
Target: ce7ad7a3b275d9e45e5e41c1aa5bdc481bdba7159f6f7e3939e5b1a0f60a71a2
Size: 366KB
Sample: 220520-3sp3nscchj
MD5: 71c2b4f5b11e16a0e96b45db0786d105
SHA1: 5eec5bc11a2ad37cff8749fafb1c7ff4733b40b6
SHA256: ce7ad7a3b275d9e45e5e41c1aa5bdc481bdba7159f6f7e3939e5b1a0f60a71a2
SHA512: 12ca894f20422e1d9dcc21b65244e96b407a86b6490b22cdfd35e21f8953e84432c6b6ac60584739996bad42c8a0fe14dbe0b7c6f82d322b22a65d353702208b
Static task: static1
Behavioral task: behavioral1
  Sample: P66 2020 master sheet.xlsx.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: P66 2020 master sheet.xlsx.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.mdist.us
Port: 587
Username: [email protected]
Password: Receiving#4321
Targets
Target: P66 2020 master sheet.xlsx.exe
Size: 695KB
MD5: 07080c3aa5fd6d80e5681275ce15afb9
SHA1: 75e09d1b4f40bea0b068ce79e407ba9b8e8e8ccd
SHA256: 8580f9a8e64dff0c0d6ecbfe2b90642a972fa20bf91d1b4762ea2cc9c3433225
SHA512: d21099e5a4537ae609c28e1a2d2afbfbeb15ec9e947c8cc195c56a5fd5aa2b492ea2195521bdc20c6f43daefe59a1eddf7dcaa347501b3a9439a3b4f2f269c25
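The extracted SMTP config and the target's hash set are the two things a responder actually consumes from this report: the config yields the network and mailbox indicators to block and report, and the hashes let you confirm that a file pulled from an endpoint is this sample and not a neighbouring build. The script below is an added example, not the sandbox's own code. It parses the config line in the flattened form the page gives it ("Key: value - Key: value", with one separator fused as "smtp- Host"), derives indicators from it, and checks a file's digests against the page's MD5/SHA1/SHA256 for the executable. The redacted username is kept as it appears on the page; the stand-in bytes at the bottom are constructed and are not the sample.

```python
import hashlib
import re

# The extracted config exactly as the report page flattens it (copied from the
# page; the username is redacted on the page and is left redacted here).
RAW_CONFIG = ("Protocol: smtp- Host: mail.mdist.us - Port: 587 - "
              "Username: [email protected] - Password: Receiving#4321")

# Hashes the page lists for the target "P66 2020 master sheet.xlsx.exe".
REPORT_HASHES = {
    "md5": "07080c3aa5fd6d80e5681275ce15afb9",
    "sha1": "75e09d1b4f40bea0b068ce79e407ba9b8e8e8ccd",
    "sha256": "8580f9a8e64dff0c0d6ecbfe2b90642a972fa20bf91d1b4762ea2cc9c3433225",
}

# A "Key:" token is a capitalised word followed by a colon; a value runs up to
# the next "- Key:" separator (whitespace around the dash is optional, because
# the page fuses one as "smtp- Host") or to the end of the string.
_FIELD = re.compile(r"([A-Z][A-Za-z]+):\s*(.*?)(?=\s*-\s*[A-Z][A-Za-z]+:|$)")


def parse_agenttesla_config(raw: str) -> dict:
    """Turn the flattened 'Key: value - Key: value' line into a dict."""
    fields = {m.group(1).lower(): m.group(2).strip() for m in _FIELD.finditer(raw)}
    if "port" in fields:
        fields["port"] = int(fields["port"])
    return fields


def exfil_indicators(cfg: dict) -> dict:
    """Derive what a defender blocks or hunts for from the C2 fields.

    For SMTP-based Agent Tesla the stolen data is mailed *from* the configured
    account, so host:port is the network indicator and the account itself is
    what to report to the mail provider for takedown.
    """
    return {
        "protocol": cfg["protocol"],
        "c2_endpoint": f"{cfg['host']}:{cfg['port']}",
        "uses_submission_port": cfg["port"] == 587,  # 587 = mail submission (STARTTLS)
        "compromised_mailbox": cfg["username"],
    }


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of a file's bytes, keyed the way the report lists them."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every listed hash agrees; one mismatching algorithm is enough
    to say the file on disk is not the sample this report describes."""
    actual = file_hashes(data)
    return all(actual.get(alg) == digest.lower() for alg, digest in expected.items())


if __name__ == "__main__":
    cfg = parse_agenttesla_config(RAW_CONFIG)
    print(cfg)
    print(exfil_indicators(cfg))
    # Constructed stand-in bytes; the real sample is not embedded here.
    print(matches_report(b"not the sample"))  # False
```

Pass the bytes of a suspect file to `matches_report` to confirm identity before acting on the rest of the report; `exfil_indicators` is what feeds the mail-server block and the abuse report for the sending account.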
- AgentTesla
  Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (keystrokes, clipboard, browser and mail-client credentials). This build exfiltrates over SMTP using the mail account in the extracted config above.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, most likely as a geofence that alters or aborts execution in certain countries.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext
  Setting the context of a thread that belongs to another process is the step of process hollowing in which the unpacked payload's entry point is installed in a suspended child process.
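The behaviour names above are the sandbox's rule hits, and the same logic is easy to re-run over your own endpoint telemetry to confirm the infection and enumerate what to clean up. The script below is an added example, not the sandbox's rule set: it evaluates a constructed, procmon-style event list against one predicate per reported behaviour, attributes hits only to the sample process, and treats SetThreadContext as suspicious only when the target thread belongs to a different process (the hollowing pattern), not when a process touches its own thread. The registry paths used for the Run key, the Geo\Nation country code and the Outlook profile are the usual locations for these behaviours and are assumptions here; the page does not list them.

```python
import re

SAMPLE = "P66 2020 master sheet.xlsx.exe"

# Constructed trace, not the sandbox's actual output: one dict per event in the
# shape a normalised procmon-style log would give. Paths are assumptions.
EVENTS = [
    {"pid": 3388, "proc": SAMPLE, "op": "RegQueryValue",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 3388, "proc": SAMPLE, "op": "RegSetValue",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"pid": 3388, "proc": SAMPLE, "op": "RegOpenKey",
     "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"pid": 3388, "proc": SAMPLE, "op": "CreateFile",
     "target": r"C:\Windows\System32\drivers\etc\hosts"},
    # SetThreadContext on a thread owned by another (suspended) process: the
    # hollowing step that redirects that process to the unpacked payload.
    {"pid": 3388, "proc": SAMPLE, "op": "SetThreadContext",
     "target": "thread:0x1a4", "target_pid": 4120},
    # Noise from an unrelated process; must not be attributed to the sample.
    {"pid": 1500, "proc": "explorer.exe", "op": "RegSetValue",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"},
    # SetThreadContext on the process's own thread is not the hollowing pattern.
    {"pid": 3388, "proc": SAMPLE, "op": "SetThreadContext",
     "target": "thread:0x2b0", "target_pid": 3388},
]

# (rule name as the report phrases it, operation it applies to, predicate)
RULES = [
    ("Adds Run key to start application", "RegSetValue",
     lambda e: re.search(r"\\CurrentVersion\\Run(Once)?\\", e["target"], re.I)),
    ("Checks computer location settings", "RegQueryValue",
     lambda e: re.search(r"\\International\\Geo\\Nation$", e["target"], re.I)),
    ("Accesses Microsoft Outlook profiles", "RegOpenKey",
     lambda e: re.search(r"\\Outlook\\Profiles\\", e["target"], re.I)),
    ("Drops file in Drivers directory", "CreateFile",
     lambda e: re.search(r"\\System32\\drivers\\", e["target"], re.I)),
    # Suspicious only when the thread belongs to some other process.
    ("Suspicious use of SetThreadContext", "SetThreadContext",
     lambda e: e.get("target_pid") not in (None, e["pid"])),
]


def match_rules(events, sample=SAMPLE):
    """Return {rule name: [targets]} for events raised by the sample process only."""
    hits = {}
    for ev in events:
        if ev["proc"] != sample:
            continue
        for name, op, pred in RULES:
            if ev["op"] == op and pred(ev):
                hits.setdefault(name, []).append(ev["target"])
    return hits


def cleanup_targets(hits):
    """Artifacts an incident responder removes on the host: the Run value that
    gives persistence and whatever was written under the drivers directory."""
    return {
        "registry_values": hits.get("Adds Run key to start application", []),
        "files": hits.get("Drops file in Drivers directory", []),
    }


if __name__ == "__main__":
    found = match_rules(EVENTS)
    for name, targets in found.items():
        print(f"{name}: {targets}")
    print(cleanup_targets(found))
```

Feed real events in the same `{pid, proc, op, target, target_pid}` shape and the predicates stay unchanged; the Outlook and Geo\Nation hits are read-only lookups, so they confirm the sample but leave nothing to remove, which is why `cleanup_targets` only reports the Run value and the dropped file.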