General

Target: af42b1b064c44af83911da398abbe5d3359a7ea4492bfba10a18aac6a043083f
Size: 824KB
Sample: 220520-3ztdnshgf5
MD5: b8c38682fae4f4ee0c093e54ad581666
SHA1: 01bfa8e3df2ce489551c92603e6d9abd170b7cd6
SHA256: af42b1b064c44af83911da398abbe5d3359a7ea4492bfba10a18aac6a043083f
SHA512: 7fa6acdc12d3f94fcdeca4dbacaf8cecd2d3a3470357f06af4917362426339d51b687f0a907f7afd6e42388aba98fc970334843126c9053bffeb661f400b0717
Static task: static1

Behavioral task: behavioral1
Sample: shipping document.pdf.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: shipping document.pdf.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: server03.imanila.ph
Port: 587
Username: [email protected]
Password: sMh8K&LwfD2n
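The extracted config above is the payload's SMTP exfiltration channel: stolen data is mailed out through the listed host on the mail-submission port. The Python below is an added example, not part of the sandbox report, showing how to turn that config into something a responder can actually match: it parses the flattened "Key: value - Key: value" run exactly as the report prints it (the username stays redacted as on the page), scans constructed connection-log lines (not from the report) for the exfil host, and emits a Suricata DNS rule for lookups of that host. The log format, the `find_exfil`/`suricata_dns_rule` names and the rule `sid` are assumptions made for the example.

```python
import re

# The SMTP exfiltration config as the report prints it (the username is
# redacted on the page and is kept that way here).
REPORT_CONFIG = """Protocol: smtp- Host:
server03.imanila.ph - Port:
587 - Username:
[email protected] - Password:
sMh8K&LwfD2n"""

# Constructed connection-log lines (not from the report) in a simple
# key=value format, standing in for firewall, proxy or Zeek output.
CONN_LOG = [
    "2022-05-20T09:58:11Z src=10.0.0.15 dst=mail.example.com dport=587 proto=tcp",
    "2022-05-20T10:01:02Z src=10.0.0.15 dst=server03.imanila.ph dport=587 proto=tcp",
    "2022-05-20T10:01:09Z src=10.0.0.15 dst=SERVER03.IMANILA.PH dport=465 proto=tcp",
    "2022-05-20T10:02:30Z src=10.0.0.22 dst=updates.example.org dport=443 proto=tcp",
]


def parse_config(text):
    """Rebuild the flattened 'Key: value - Key: value' run into a dict.

    The report breaks the run across lines and glues the first dash to the
    protocol ('smtp- Host:'), so split on a dash that is followed by the
    next 'Key:' rather than on line breaks.
    """
    flat = " ".join(text.split())
    fields = re.split(r"\s*-\s+(?=[A-Z][a-z]+:)", flat)
    cfg = {}
    for field in fields:
        key, _, value = field.partition(":")
        cfg[key.strip()] = value.strip()
    return cfg


def find_exfil(lines, cfg):
    """Return (line, note) pairs whose destination is the config's host.

    Match on the host only: port 587 by itself is ordinary mail-submission
    traffic, and a host match on a non-standard port is still worth seeing.
    """
    host = cfg["Host"].lower()
    port = cfg["Port"]
    hits = []
    for line in lines:
        fields = dict(tok.split("=", 1) for tok in line.split()[1:])
        if fields.get("dst", "").lower() == host:
            dport = fields.get("dport")
            note = "expected port" if dport == port else f"unexpected port {dport}"
            hits.append((line, note))
    return hits


def suricata_dns_rule(cfg, sid=9000001):
    """Emit a Suricata (5+) rule for DNS lookups of the exfil host.

    The sid is a placeholder; pick one from your local range.
    """
    return (
        f'alert dns any any -> any any (msg:"AgentTesla SMTP exfil host lookup {cfg["Host"]}"; '
        f'dns.query; content:"{cfg["Host"]}"; nocase; endswith; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    for line, note in find_exfil(CONN_LOG, cfg):
        print(note, "|", line)
    print(suricata_dns_rule(cfg))
```

Matching on the host rather than the port is deliberate: the sample's hard-coded port is ordinary SMTP submission, so a port-only rule would be noise, while a connection to the configured host on any port is the indicator that matters.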
Targets

Target: shipping document.pdf.exe (double extension: an executable masquerading as a PDF)
Size: 764KB
MD5: 0889462bfd5453de7c9cc76349f4524b
SHA1: 5b51a1f647c62b5aafed85cf13437e1695ab32d3
SHA256: b4acc93842006e649216fa6e4f9686443174eed13b91dfe359cd3c44d61e0ffa
SHA512: a741ab113c5a83b9d2f01b6e62b01dfe9a70281b49fac5df9263d29e0fd099eba52c7da3ee6de158bcbae24a14ae5118aa8ee8b7ccc503d7b009a24bdbc9d5ca
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (keylogging, clipboard and credential theft); early versions were written in Visual Basic .NET.

AgentTesla Payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext
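The three behavioural signatures above are what a sandbox derives from the API calls the payload makes. The Python below is an added example, not the sandbox's own signature code, showing the kind of matching involved, run over a constructed API trace. The registry paths it looks for (Control Panel\International\Geo\Nation for the configured country code, and the Outlook Profiles keys for Outlook 2013+ and older releases) and the CreateProcess(CREATE_SUSPENDED), WriteProcessMemory, SetThreadContext, ResumeThread chain are the usual indicators behind such signatures and are assumptions here, not data taken from this report; the trace format, process ids and `child.exe` name are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed API trace as (caller pid, api, argument string). Not from the
# report; it mimics what an API monitor would record for the payload.
TRACE = [
    (1001, "RegQueryValueExW", r"key=HKCU\Control Panel\International\Geo value=Nation"),
    (1001, "RegOpenKeyExW", r"key=HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    (1001, "CreateProcessW", r"image=C:\child.exe flags=0x00000004 pid=1044 tid=1048"),
    (1001, "WriteProcessMemory", "pid=1044 base=0x00400000 size=0x0009c000"),
    (1001, "SetThreadContext", "pid=1044 tid=1048"),
    (1001, "ResumeThread", "pid=1044 tid=1048"),
]

# Constructed benign trace: a normal (non-suspended) child, a debugger-style
# SetThreadContext on the caller's own thread, and an unrelated Office key.
BENIGN_TRACE = [
    (2002, "CreateProcessW", r"image=C:\child.exe flags=0x00000000 pid=2010 tid=2011"),
    (2002, "SetThreadContext", "pid=2002 tid=2003"),
    (2002, "RegOpenKeyExW", r"key=HKCU\Software\Microsoft\Office\16.0\Common"),
]

CREATE_SUSPENDED = 0x00000004   # dwCreationFlags bit: primary thread starts suspended
GEO_NATION = re.compile(r"control panel\\international\\geo.*nation", re.I)
OUTLOOK_PROFILES = re.compile(
    r"software\\microsoft\\office\\\d+\.\d+\\outlook\\profiles"   # Outlook 2013+
    r"|windows messaging subsystem\\profiles",                     # older Outlook
    re.I,
)
# Classic process-hollowing order after a suspended CreateProcess.
HOLLOW_CHAIN = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")


def kv(args):
    """Parse 'k=v k=v' argument strings (constructed log format)."""
    return dict(tok.split("=", 1) for tok in args.split() if "=" in tok)


def match_signatures(trace):
    """Return the set of signature names an API trace triggers."""
    hits = set()
    suspended = set()          # (parent, child) pairs created with CREATE_SUSPENDED
    stage = defaultdict(int)   # how far each pair has progressed through HOLLOW_CHAIN
    for pid, api, args in trace:
        if api.startswith(("RegOpenKeyEx", "RegQueryValueEx")):
            if GEO_NATION.search(args):
                hits.add("Checks computer location settings")
            if OUTLOOK_PROFILES.search(args):
                hits.add("Accesses Microsoft Outlook profiles")
            continue
        a = kv(args)
        if "pid" not in a:
            continue
        target = int(a["pid"])
        if api.startswith("CreateProcess"):
            if int(a.get("flags", "0"), 16) & CREATE_SUSPENDED:
                suspended.add((pid, target))
            continue
        # Rewriting another process's thread context is the generic signature.
        if api == "SetThreadContext" and target != pid:
            hits.add("Suspicious use of SetThreadContext")
        # The full chain against a child we saw created suspended is hollowing.
        key = (pid, target)
        if key in suspended and stage[key] < len(HOLLOW_CHAIN) and api == HOLLOW_CHAIN[stage[key]]:
            stage[key] += 1
            if stage[key] == len(HOLLOW_CHAIN):
                hits.add("Process hollowing sequence")
    return hits


if __name__ == "__main__":
    for name in sorted(match_signatures(TRACE)):
        print(name)
```

The generic "Suspicious use of SetThreadContext" fires on any cross-process context rewrite, which is how a sandbox reports it; the stricter chain check is what distinguishes hollowing from a debugger or a legitimate in-process use, so a benign trace produces no hits at all.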