General
Target: 669c8ec7471a85e79d434a80fdc9ee8a9f3de32c71ca6e89928b828a0e4ad948
Size: 682KB
Sample: 220521-apn2zsdebr
MD5: 509f256f482a108488493e40c6987873
SHA1: e6aa366596fd3a98015a8d34880aa30ab862dc43
SHA256: 669c8ec7471a85e79d434a80fdc9ee8a9f3de32c71ca6e89928b828a0e4ad948
SHA512: add1c6939ee3525347651a93009affcc5c4319b83e31277eead0eb43386988a2181bbcd70d11cd2deebbcf3bd4a9be5babc7e83a1b43090dc401ea3b21586c64
Static task: static1
Behavioral task: behavioral1
Sample: PURCHASE ORDER_PDF__________________________________________,,,.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PURCHASE ORDER_PDF__________________________________________,,,.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: uchenna@&1992
Targets
Target: PURCHASE ORDER_PDF__________________________________________,,,.exe
Size: 622KB
MD5: b5c3f5fa2a5fafe02ff621217718578c
SHA1: f4163b630109db02f7cfd64e3bfde6ab49b27757
SHA256: 1d5c4bc37dad083e9b4f2361e6143c4c35ec666913488af8a75ceee52d48f805
SHA512: e85e2ab9ab19db172ef310c4fde36c42d12f7c8d06043214b0b385a08420f392a1b04a3f745be86d467d9bc9da81fa49559c72e0e3a1d30e79c7abc78236e760
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext