General
Target: 78754a57a06bd7b5f2eaa2fbee3ef6ccfcf04dfc1500f9c1dff4f115f67c2929
Size: 360KB
Sample: 220521-alrcyaade7
MD5: 563c2430d43ea79f03f55b0c5945a4ff
SHA1: 905e7ccb46184a56380952584cdf9cfd7b717c16
SHA256: 78754a57a06bd7b5f2eaa2fbee3ef6ccfcf04dfc1500f9c1dff4f115f67c2929
SHA512: 9102d2f661c2326ebaab5a2dcb5568376dd21f764c5c783c55a8afa764722f89f8bc5f69320612f05c216c6a06d8bd14f2e08faf51c61807263b8e93a82912ed
Static task: static1
Behavioral task: behavioral1
  Sample: overdue invoice.pdf...exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: overdue invoice.pdf...exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.matrixas.in
  Port: 587
  Username: [email protected]
  Password: info2013
Targets
Target: overdue invoice.pdf...exe
Size: 539KB
MD5: fa0c9ce3695691566ec8fbba088433c6
SHA1: 1b5693cbe7521087c8bb5b46a8706edb71b037a4
SHA256: 93c807a2fb8dff5a30d9f860f1eb98304d8303f8fff4c53c98870201d6d3eb68
SHA512: b3bb49000f13d18163d685905384b7acbca9b165cc009b53830c7f567b5c9f762fb6c6d1c08036db774265c1048d3e62b6ca198253a37a8a5a19adcffac4c57a
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings: looks up the country code configured in the registry, likely used as a geofence.
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext