General
- Target: 4438ac3a817a18c6e18e17a9dd9ae8d9979654adba138d315fa107ccf1e20e0e
- Size: 734KB
- Sample: 220521-axv59sdhhm
- MD5: e243e97c452e6e4c697bbcbe9c7fb4ac
- SHA1: 23a9ca82b35bd3bf7a327ff8c335fdcad286ee5c
- SHA256: 4438ac3a817a18c6e18e17a9dd9ae8d9979654adba138d315fa107ccf1e20e0e
- SHA512: 9dc6d07861b8981d889f62a86882c755a6d781a92edbf8cb795672ede3168748f65ed7e7db156afcd3c8333855de16f45bfd5a51a1c8e6ceed745c571b6df68a
Static task: static1
Behavioral task: behavioral1 (Sample: P&I_Circularpdf.exe, Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: P&I_Circularpdf.exe, Resource: win10v2004-20220414-en)
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: secure231.servconfig.com
- Port: 587
- Username: [email protected]
- Password: eltaefSH6548883
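The extracted configuration gives two network indicators worth detecting on: the SMTP host and the submission port. The credentials are not useful as telemetry indicators because they travel inside the TLS session. Added example (not part of the sandbox report): a Python pass over Sysmon Event ID 3 (network connection) records that flags connections to the extracted host at high confidence and, at lower confidence, SMTP submission on tcp/587 from processes that are not mail clients. The JSON records, the 203.0.113.x addresses and the MAIL_CLIENTS allowlist are constructed assumptions for the example.

```python
"""Flag network telemetry matching the Agent Tesla SMTP exfiltration config
extracted from this sample (secure231.servconfig.com, tcp/587).

Added example: the Sysmon-style records below are constructed, not real
telemetry, and the mail-client allowlist is an assumption to tune locally.
"""
import json
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Indicators taken from the extracted config above. The SMTP username and
# password are deliberately not used: they never appear in connection logs.
C2_HOST = "secure231.servconfig.com"
C2_PORT = 587

# Processes expected to speak SMTP submission on endpoints (assumption; extend
# with your own MTAs/relays or the low-confidence rule will be noisy).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


@dataclass
class Finding:
    severity: str  # "high" for the known host, "medium" for the generic rule
    reason: str
    event: dict


def evaluate(event: dict) -> Optional[Finding]:
    """Apply both rules to a single Sysmon Event ID 3 record."""
    host = str(event.get("DestinationHostname", "")).lower().rstrip(".")
    port = int(event.get("DestinationPort", 0))
    image = str(event.get("Image", "")).replace("/", "\\").rsplit("\\", 1)[-1].lower()

    if host == C2_HOST:
        return Finding("high", f"{image} connected to Agent Tesla SMTP host {C2_HOST}:{port}", event)
    if port == C2_PORT and image not in MAIL_CLIENTS:
        return Finding("medium", f"SMTP submission (tcp/{C2_PORT}) from non-mail process {image}", event)
    return None


def scan(lines: Iterable[str]) -> List[Finding]:
    """Parse JSON-lines Sysmon records, keep Event ID 3 only, return findings."""
    findings: List[Finding] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if event.get("EventID") != 3:
            continue
        finding = evaluate(event)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample telemetry (JSON lines). 203.0.113.x are documentation
# addresses, not the real resolution of the C2 host.
SAMPLE_EVENTS = r"""
{"EventID": 3, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\P&I_Circularpdf.exe", "DestinationHostname": "secure231.servconfig.com", "DestinationIp": "203.0.113.10", "DestinationPort": 587}
{"EventID": 3, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "DestinationHostname": "smtp.office365.com", "DestinationIp": "203.0.113.20", "DestinationPort": 587}
{"EventID": 3, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "DestinationHostname": "mail.example.net", "DestinationIp": "203.0.113.30", "DestinationPort": 587}
{"EventID": 3, "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "DestinationHostname": "www.example.com", "DestinationIp": "203.0.113.40", "DestinationPort": 443}
{"EventID": 1, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\P&I_Circularpdf.exe", "CommandLine": "P&I_Circularpdf.exe"}
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS.splitlines()):
        print(f"[{f.severity}] {f.reason}")
```

Running the block on the constructed records yields one high-confidence hit (the sample itself reaching the extracted host) and one medium-confidence hit (powershell.exe using tcp/587); the Outlook and HTTPS connections are ignored. The hostname match also tolerates trailing-dot and mixed-case forms, which some collectors emit. Because the generic rule depends on the allowlist, expect to add legitimate senders (monitoring agents, ticketing systems, relays) before deploying it at scale.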
Targets
- Target: P&I_Circularpdf.exe
- Size: 926KB
- MD5: cf0c599dca5b3adb02a92b94f6927f5b
- SHA1: 57cbfe68c8f411bd283b042243b8751cca1bb15e
- SHA256: 0444729289d8a3c480eb3f29e936f29d048f69c71a691b20489e50890fa22983
- SHA512: f383eeda78644b966baad5be489e7a65d734d93b815420d4e0fe3920a8ee20dddcd14a40397d135f780ac7816a50db2ea32661bb9a81b803ab92f2ea0dfd1c22
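The report lists two distinct hash sets: the submitted sample (734KB) and the behavioral target P&I_Circularpdf.exe (926KB). Added example (not part of the sandbox report): a Python utility that reads each file once, computes all four digests the report uses, and matches them against the values listed above, checking the strongest algorithm first so an MD5-only hit is not mistaken for a sample match. The labels, the directory-walk entry point and the `b"hello"` input used to exercise it are the example's own.

```python
"""Hash files once with the four digests used in this report and match them
against the hashes listed above. Added example, not part of the sandbox report."""
import hashlib
from pathlib import Path
from typing import Dict, Iterable, Optional, Tuple

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Hex digest -> label, copied from the report. Digest lengths differ per
# algorithm, so one flat map covers all four without collisions.
REPORT_IOCS: Dict[str, str] = {
    # Submitted sample (General section)
    "e243e97c452e6e4c697bbcbe9c7fb4ac": "submitted sample (734KB)",
    "23a9ca82b35bd3bf7a327ff8c335fdcad286ee5c": "submitted sample (734KB)",
    "4438ac3a817a18c6e18e17a9dd9ae8d9979654adba138d315fa107ccf1e20e0e": "submitted sample (734KB)",
    "9dc6d07861b8981d889f62a86882c755a6d781a92edbf8cb795672ede3168748f65ed7e7db156afcd3c8333855de16f45bfd5a51a1c8e6ceed745c571b6df68a": "submitted sample (734KB)",
    # Behavioral target (Targets section)
    "cf0c599dca5b3adb02a92b94f6927f5b": "P&I_Circularpdf.exe (926KB)",
    "57cbfe68c8f411bd283b042243b8751cca1bb15e": "P&I_Circularpdf.exe (926KB)",
    "0444729289d8a3c480eb3f29e936f29d048f69c71a691b20489e50890fa22983": "P&I_Circularpdf.exe (926KB)",
    "f383eeda78644b966baad5be489e7a65d734d93b815420d4e0fe3920a8ee20dddcd14a40397d135f780ac7816a50db2ea32661bb9a81b803ab92f2ea0dfd1c22": "P&I_Circularpdf.exe (926KB)",
}


def digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers so a large file is read only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    return digest_chunks([data])


def digest_file(path: Path, chunk_size: int = 1 << 20) -> Dict[str, str]:
    with open(path, "rb") as fh:
        return digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def match_iocs(digests: Dict[str, str]) -> Optional[Tuple[str, str]]:
    """Return (algorithm, label) for the first report hash that matches.

    Strongest algorithm is checked first: an MD5-only hit on a file whose
    SHA-256 differs would point at a collision or a transcription error, not
    at the sample, so the caller can see which algorithm produced the match."""
    for name in reversed(ALGORITHMS):
        label = REPORT_IOCS.get(digests.get(name, "").lower())
        if label:
            return name, label
    return None


def scan_directory(root: Path) -> Dict[str, Tuple[str, str]]:
    """Hash every regular file under root and return those listed in the report."""
    hits: Dict[str, Tuple[str, str]] = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            match = match_iocs(digest_file(path))
            if match:
                hits[str(path)] = match
    return hits


if __name__ == "__main__":
    import sys
    target = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, (algo, label) in scan_directory(target).items():
        print(f"{path}: {algo} matches {label}")
```

Point the script at a quarantine or download directory; a hit on SHA-256 or SHA-512 is conclusive, while a hit on MD5 or SHA-1 alone should be re-checked against the stronger digest before acting on it.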
- AgentTesla
  Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, commonly built with Visual Basic .NET; the configuration extracted above shows this sample exfiltrating over SMTP.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
  Consistent with harvesting stored mail-account credentials.
- Suspicious use of SetThreadContext
  Setting another thread's context is typical of loaders that hollow a suspended process and redirect its main thread to injected code.