General
- Target: 67d91c5221480de0bacdc3dd366e4712a1e0a76ebcbfeb02830a139b85f4f522
- Size: 452KB
- Sample: 220521-apg9fadebm
- MD5: 392e72f9dde8b716b8853f9990d34816
- SHA1: 5792631aaa327d372ac8daec34846582501d0127
- SHA256: 67d91c5221480de0bacdc3dd366e4712a1e0a76ebcbfeb02830a139b85f4f522
- SHA512: e508227c560b2646c7ca1fa0229ea97540a4dad92df58ca704bc0e46adeaa866ed80351d489b76e3fab9b216d439efe333475c16ab21e106136f804a7ad603da
Static task: static1
Behavioral task: behavioral1
- Sample: FINAL SHIPPING DOCS.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: FINAL SHIPPING DOCS.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.el-sever.com
- Port: 587
- Username: [email protected]
- Password: admin123
Targets
- Target: FINAL SHIPPING DOCS.exe
- Size: 711KB
- MD5: 7e55d24c0f8c1eede0c92de6eaf638f2
- SHA1: 4ca3308afd73d550567395fbb10e1f9a5400ba5b
- SHA256: 606d39731ffeb838a7e31286cf75dba0c3ac101984e9c95cbeafd284d5e25671
- SHA512: 3a8136603025b2bbb3bfe13dbcec068196db19fa3f4353d3af9de19f76f471324137737aceb3b6a1111f525176e587d7f0d81b998b44ad31dbf848fc0de3936d
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext