General
Target: 65b7b3eb15b6563c277b66fedf41af12c9d3a1d909d41943089b8282103299ce
Size: 599KB
Sample: 220521-apwrtsafa4
MD5: c98ccca578fb30b3edf2d894caeac533
SHA1: 8f5243116fb361e04f7d7c84aac53a88babbc1b1
SHA256: 65b7b3eb15b6563c277b66fedf41af12c9d3a1d909d41943089b8282103299ce
SHA512: 92a72cc4292fe2c043755ee865f3078e47315219fc79892d027cc72d3a1d593c7201f943b6f58901a799a650ba9afd2342674e3efd1d1c352dfab92108ec9549
Static task: static1
Behavioral task: behavioral1
  Sample: New Orders- POB0.pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: New Orders- POB0.pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Targets
Target: New Orders- POB0.pdf.exe
Size: 783KB
MD5: 0f22eacae1316be03f6829946306b593
SHA1: 3a3d3297ae8b1e96bc0fda3502a58d69447a2577
SHA256: b6cbbb6a53fb168a24f6a2f4bbf296547e5ece0314e2b9c21d6662af66a3ac4a
SHA512: 3b74d936eb6faeab8ea2b37aee1bf90ee54e76a0e37f8ba08d2580908cb648d19da89720a51e5475298abfdab969a474f6145157e5b2662767f7a05795ab6e36
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.