General
- Target: 89d032f139fd088c071458b575b4d046a88ad4fac02965480cca608fafe21902
- Size: 406KB
- Sample: 220521-agqwlsacb2
- MD5: fd3a93c686e72c0aa9cd40aa77a952c1
- SHA1: 934b3d6318ce048c4e8bc13eac8a50549896ab74
- SHA256: 89d032f139fd088c071458b575b4d046a88ad4fac02965480cca608fafe21902
- SHA512: f50421b30dbae79737deabca656cd39a5967b31d764da6e49d0e3b47412d182cfc8d0785eaae27add1100e68198a15f9a92125aff7b7d56ca3f326b73df464ab
Static task: static1
Behavioral task: behavioral1
- Sample: PNQNR00000118.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: PNQNR00000118.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.microtechlab.in
- Port: 587
- Username: [email protected]
- Password: pune@123
Targets
- Target: PNQNR00000118.exe
- Size: 457KB
- MD5: 01bdf85fd9d60dc595da5538886183b6
- SHA1: 5177aaa631370a9b2eb96a96c6c21710c7992669
- SHA256: 64264df837360c369765793af002c3576660a16f686473b5d3d97733c10a8ecb
- SHA512: 3bfb8630cee7fea2d44e4ae867daa0ec75b986042a5275e871106297826f9dfe46e24ae1df9ce51e14a4632519cb60871f32dc3abd964d0495425b4bedf6a8f5
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext