General
-
Target
8df60e833397cdb9a0c45f88446c486699f6ef6bc8271d165dc5c0aab0c40b9a
-
Size
564KB
-
Sample
220521-afq5zsdaej
-
MD5
b8ad45c8f1b68f4bfd7ed95371ac8f24
-
SHA1
f8612ae26a623aa58d29ba17924e55858a178153
-
SHA256
8df60e833397cdb9a0c45f88446c486699f6ef6bc8271d165dc5c0aab0c40b9a
-
SHA512
47a85d6f3a7736beaa3bd0737032e79eb647746460aa5f352ec2fc9aa5987207f24560c5f69b37da03273b4518f59e82c368688f6e8faca42df03595fff8948b
Static task
static1
Behavioral task
behavioral1
Sample
DOCUMENTS pdf..exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
DOCUMENTS pdf..exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.daafco.com
Port: 587
Username: [email protected]
Password: Rawan!@#
Targets
-
Target
DOCUMENTS pdf..exe
-
Size
827KB
-
MD5
9816d40b30b9873d12e4d5c9895cd4cc
-
SHA1
f0504c605d3f34de69fce002861895e740748e3a
-
SHA256
887b8c631973cc6f3007d8ac0e45d1a198999d131877dfcf2736fde9c2499401
-
SHA512
85c4961e8f148a6d871e5d5ae198ab0b0d1a0e50afb4ccd532fd585953dbd93bfdb6e00c9d29f84f634161f45bd7050095281387aefa15de5c86d080d6ad145a
-
AgentTesla
Agent Tesla is a .NET-based remote access trojan (RAT) and credential stealer written in Visual Basic .NET; stolen data is typically exfiltrated over SMTP, as the extracted configuration above shows.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check that stops execution in certain regions.
-
Accesses Microsoft Outlook profiles
Reads stored Outlook profile data, consistent with mail-credential theft.
-
Adds Run key to start application
Persistence via a Windows Run registry key, so the payload is relaunched at logon.
-
Suspicious use of SetThreadContext
Typical of process hollowing: a process started suspended has its thread context redirected to an injected payload.
-
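The hashes, exfiltration host and behaviours listed in this report can be turned directly into a host-telemetry hunt. The following is an added example, not part of the sandbox report: it correlates Sysmon-style events (Event ID 1 process creation, 3 network connection, 13 registry value set; the field names follow Sysmon, the JSON framing and the event lines themselves are constructed for the example) per process and alerts on a hard IOC match or on two or more behavioural indicators together. The Run key path pattern, the double-extension lure pattern and the "non-mail client on port 587" rule are my assumptions about how this sample would look on a host, not findings stated in the report.

```python
import json
import re
from collections import defaultdict

# Indicators lifted from the report above (sample hashes, SMTP exfil host and port).
SAMPLE_SHA256 = {
    "8df60e833397cdb9a0c45f88446c486699f6ef6bc8271d165dc5c0aab0c40b9a",
    "887b8c631973cc6f3007d8ac0e45d1a198999d131877dfcf2736fde9c2499401",
}
EXFIL_HOST = "mail.daafco.com"
EXFIL_PORT = 587

# Assumption: persistence behind "Adds Run key" lands under a Run/RunOnce key.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Assumption: double-extension lure names like "DOCUMENTS pdf..exe".
DOUBLE_EXT_RE = re.compile(r"\b(pdf|doc|docx|xls|xlsx)\.+exe$", re.I)
# Assumption: processes that legitimately speak SMTP submission; anything else on 587 is odd.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def sha256_from_hashes(hashes):
    """Pull the SHA256 out of a Sysmon-style 'MD5=..,SHA256=..' Hashes field."""
    for part in hashes.split(","):
        name, _, value = part.partition("=")
        if name.strip().upper() == "SHA256":
            return value.strip().lower()
    return None


def classify(evt):
    """Return the set of indicator names one event trips (empty set if nothing matches)."""
    hits = set()
    basename = evt.get("Image", "").rsplit("\\", 1)[-1].lower()
    eid = evt.get("EventID")
    if eid == 1:  # process creation
        if sha256_from_hashes(evt.get("Hashes", "")) in SAMPLE_SHA256:
            hits.add("known_sample_hash")
        if DOUBLE_EXT_RE.search(basename):
            hits.add("double_extension_lure")
    elif eid == 3:  # network connection
        host = evt.get("DestinationHostname", "").lower()
        port = int(evt.get("DestinationPort", 0))
        if host == EXFIL_HOST:
            hits.add("known_exfil_host")
        if port == EXFIL_PORT and basename not in MAIL_CLIENTS:
            hits.add("smtp_from_non_mail_client")
    elif eid == 13:  # registry value set
        if RUN_KEY_RE.search(evt.get("TargetObject", "")):
            hits.add("run_key_persistence")
    return hits


def hunt(lines):
    """Correlate hits per ProcessGuid; return only processes worth an alert."""
    per_proc = defaultdict(lambda: {"image": "", "hits": set()})
    for line in lines:
        if not line.strip():
            continue
        evt = json.loads(line)
        hits = classify(evt)
        if not hits:
            continue
        rec = per_proc[evt["ProcessGuid"]]
        rec["image"] = evt.get("Image", rec["image"])
        rec["hits"] |= hits
    hard = {"known_sample_hash", "known_exfil_host"}
    # A hard IOC is enough on its own; behavioural indicators need at least two together.
    return {g: r for g, r in per_proc.items() if r["hits"] & hard or len(r["hits"]) >= 2}


# Constructed telemetry: one infected process plus two benign look-alikes.
LURE = "C:\\Users\\u\\Downloads\\DOCUMENTS pdf..exe"
SAMPLE_EVENTS = [
    json.dumps({"EventID": 1, "ProcessGuid": "{A1}", "Image": LURE,
                "Hashes": "MD5=9816d40b30b9873d12e4d5c9895cd4cc,"
                          "SHA256=887b8c631973cc6f3007d8ac0e45d1a198999d131877dfcf2736fde9c2499401"}),
    json.dumps({"EventID": 13, "ProcessGuid": "{A1}", "Image": LURE,
                "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"}),
    json.dumps({"EventID": 3, "ProcessGuid": "{A1}", "Image": LURE,
                "DestinationHostname": "mail.daafco.com", "DestinationPort": 587}),
    # Benign: Outlook submitting mail over 587 to its own provider.
    json.dumps({"EventID": 3, "ProcessGuid": "{B2}", "Image": "C:\\Office16\\OUTLOOK.EXE",
                "DestinationHostname": "smtp.office365.com", "DestinationPort": 587}),
    # Benign: an installer writing a Run key; one behavioural hit alone does not alert.
    json.dumps({"EventID": 13, "ProcessGuid": "{C3}", "Image": "C:\\Windows\\System32\\msiexec.exe",
                "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorAgent"}),
]

if __name__ == "__main__":
    for guid, rec in hunt(SAMPLE_EVENTS).items():
        print(guid, rec["image"], sorted(rec["hits"]))
```

Feeding real Sysmon JSON (for example, from a SIEM export) into `hunt` needs only that the field names match; the thresholds and allow-list of mail clients are the parts to tune for a given estate, since SMTP submission from unexpected binaries is the behaviour that generalises beyond this one sample's host name.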