General
Target: 824d441088d742b4e313ebb1782126ec4f3c85229a39b07f285225bd1d89416a
Size: 529KB
Sample: 220521-aje7wsacg3
MD5: bff4bd58e6f552b838fe814e48b014cb
SHA1: 5bb2a96c7371e76441635c64c4d0f308b70b98b4
SHA256: 824d441088d742b4e313ebb1782126ec4f3c85229a39b07f285225bd1d89416a
SHA512: 8b7f9f176cd77008caf367575928d22d7b1023fb0a0a8d75f1e3fb4ee3737671fe065b5de1959b06187b2a66e55e4d9098913df70f8314a771c2cfec20452c10
Static task: static1
Behavioral task: behavioral1
  Sample: REMITTANCE ADVICE IF01112000212823419.pdf..exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: REMITTANCE ADVICE IF01112000212823419.pdf..exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.stankovic.hr
Port: 587
Username: [email protected]
Password: mp58zg
Targets
Target: REMITTANCE ADVICE IF01112000212823419.pdf..exe
Size: 790KB
MD5: 8e2843ecd350a81987669f750bbfe5ff
SHA1: 8a2b87b5b5301ff5846de2afcd44ac968c7799e6
SHA256: 86e731609c61fdf28983435240b0e28b9548ec53863c2db87036f0f79313c33b
SHA512: 0d33b1ea56dec2c29e8875904f75d0dcae25bf26bce9d9e34b528f38b4a7fa458d7dde0fca5d4031c739e12a8ea6293be5d2d19d5e529c93e8460fe06a5617ea
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext