General
-
Target
e37dfd22eb88db0869e3629b579abd3f14c6cdaae221e84aa97be7c094753c70
-
Size
409KB
-
Sample
220521-a9ap4aeeeq
-
MD5
8f82a47b21ce98fd48e4f220e40c8747
-
SHA1
75cddca1f101896b6a5162e34671cefdf3d8ebf1
-
SHA256
e37dfd22eb88db0869e3629b579abd3f14c6cdaae221e84aa97be7c094753c70
-
SHA512
542f1ed9514b8663e90d9e1000ad6e19578698b69c69749ad63a96b7931e639cd2dffbc8b49c152a092a3c6a9dd6622080ee4ab58d538c7c7a52c564264b9448
Static task
static1
Behavioral task
behavioral1
Sample
overdue account letter.PDF.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
overdue account letter.PDF.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.microtechlab.in
Port: 587
Username: [email protected]
Password: pune@123
Targets
-
-
Target
overdue account letter.PDF.exe
-
Size
461KB
-
MD5
1319cf2f252ccac65fc3d468b487593d
-
SHA1
ba35e5badeaac9233605ca750849dd3ee324413a
-
SHA256
0843dfe5e6b3266770393c129939c4fc85db09ee36dd51696fbc711a3b556460
-
SHA512
025a7cb074dbb315bb9e3366cd71a1cced563a8e17143d1cdc51d20eeb0a73d374fbc1f5f044eba2edc111a2c1970654060b55f6c1c09b8331ca9e887e4561bb
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET. The SMTP server, port and account in the extracted config above are its exfiltration channel: harvested credentials and keystrokes are mailed out through that account, so the mail host and the mailbox are the most useful network indicators from this run.
-
AgentTesla Payload
-
Disables Task Manager via registry modification
Sets the DisableTaskMgr value under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, which stops the user from opening Task Manager to find and kill the process.
-
Drops file in Drivers directory
-
Checks computer location settings
Reads the country code configured in the registry, most likely as a geofence so the payload only runs (or stays dormant) in particular regions.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
Persistence: writes a value under a CurrentVersion\Run key so the dropped executable is launched again at every logon.
-
Suspicious use of SetThreadContext
Typical of process hollowing: a loader starts a process suspended, writes its payload into that process, and calls SetThreadContext to point the main thread at the injected code before resuming it. This is a common way an AgentTesla dropper hands off to the unpacked payload.
-
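To turn the signatures above and the extracted SMTP endpoint into something a SOC can actually run, here is an added Python example (editor's code, not the sandbox's own signature logic) that walks constructed Sysmon-style events and reports which of the report's behaviours, plus a connection to the extracted exfil server, it sees. The event shapes, the SID, the Run value name WinUpdate and the benign decoy events are assumptions made up for the example; the registry paths for DisableTaskMgr and the Run key are the standard Windows locations, and the host and port come from the extracted config.

```python
"""Detection pass over constructed host telemetry for the behaviours and the
SMTP exfiltration endpoint listed in the report. Added example code by the
editor; it is not the sandbox's own signature logic."""
import re

# Indicators taken from the report's extracted AgentTesla config.
EXFIL_HOST = "mail.microtechlab.in"
EXFIL_PORT = 587

# Well-known registry/file locations behind three of the report's signatures.
TASKMGR_RE = re.compile(r"\\Policies\\System\\DisableTaskMgr$", re.I)
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I)
DRIVERS_RE = re.compile(r"\\Windows\\System32\\drivers\\", re.I)

# Assumed paths for the sample: the user hive SID and image path are made up.
MALWARE = r"C:\Users\victim\overdue account letter.PDF.exe"
HIVE = r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"

# Constructed Sysmon-style events (ID 13 registry value set, ID 11 file create,
# ID 3 network connection). Illustrative only, not captured from the run.
EVENTS = [
    {"id": 13, "image": MALWARE,
     "target": HIVE + r"\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "details": "DWORD (0x00000001)"},
    {"id": 13, "image": MALWARE,
     "target": HIVE + r"\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate",
     "details": r"C:\Users\victim\AppData\Roaming\WinUpdate\WinUpdate.exe"},
    # Benign noise that must not fire: Explorer toggling a view setting.
    {"id": 13, "image": r"C:\Windows\explorer.exe",
     "target": HIVE + r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "details": "DWORD (0x00000001)"},
    {"id": 11, "image": MALWARE,
     "target": r"C:\Windows\System32\drivers\etc\hosts"},
    {"id": 3, "image": MALWARE, "dst_host": "mail.microtechlab.in", "dst_port": 587},
    # A real mail client on submission port 587 must not fire on the port alone.
    {"id": 3, "image": r"C:\Program Files\Mozilla Thunderbird\thunderbird.exe",
     "dst_host": "smtp.example.net", "dst_port": 587},
]


def triage(events):
    """Map telemetry to the report's signature names.
    Returns {signature: sorted list of images that triggered it}."""
    hits = {}

    def add(sig, image):
        hits.setdefault(sig, set()).add(image)

    for ev in events:
        if ev["id"] == 13:
            # DisableTaskMgr = 1 under the Policies\System key.
            if TASKMGR_RE.search(ev["target"]) and ev["details"].endswith("(0x00000001)"):
                add("Disables Task Manager via registry modification", ev["image"])
            # Any new value under ...\CurrentVersion\Run that points at an executable.
            if RUN_KEY_RE.search(ev["target"]) and ev["details"].lower().endswith(".exe"):
                add("Adds Run key to start application", ev["image"])
        elif ev["id"] == 11 and DRIVERS_RE.search(ev["target"]):
            add("Drops file in Drivers directory", ev["image"])
        elif ev["id"] == 3:
            # Match host and port together: port 587 by itself is legitimate mail submission.
            if ev["dst_host"].lower() == EXFIL_HOST and ev["dst_port"] == EXFIL_PORT:
                add("Connects to AgentTesla SMTP exfil server from extracted config", ev["image"])
    return {sig: sorted(imgs) for sig, imgs in hits.items()}


if __name__ == "__main__":
    for sig, images in triage(EVENTS).items():
        print(f"{sig}: {', '.join(images)}")
```

On the constructed events every hit is attributed to the dropped executable and neither decoy (Explorer's view setting, a mail client on port 587) fires, which is the property you want before pointing this at real Sysmon data: the network rule keys on the extracted host and port together, not on the submission port.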