General
Target: 543111b5dc0f8b959d98aa7bfd0ba624f638c386529b49637a3398d36798d011
Size: 404KB
Sample: 220521-b1431sfhdp
MD5: 0734c822ec22047ac3c5464e56da7793
SHA1: 4c82d881319102f10f0bdef0e425fdbccc604058
SHA256: 543111b5dc0f8b959d98aa7bfd0ba624f638c386529b49637a3398d36798d011
SHA512: b6ef143cc96776e21084ed00fee22dcf629af236e7c075f6bba3d03b63d2f2115d46553d716bc47d9a790c1bb088b78d106100b193775c84343511b85b1b08b1
Static task: static1
Behavioral task: behavioral1
  Sample: URGENT SUPPLY - QUOTE 2020.pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: URGENT SUPPLY - QUOTE 2020.pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.oilexindia.com
  Port: 587
  Username: [email protected]
  Password: Kamal@2019
Targets
Target: URGENT SUPPLY - QUOTE 2020.pdf.exe
Size: 487KB
MD5: 09439f5e5abf5e18c207607e5e33c5f0
SHA1: 4983fe7854af89970ad29df5aa6be5d180ca00a5
SHA256: 8c04fcdf35613586ea0643b716c769d7ee4a88af77887ef92d908097adbd6fc4
SHA512: 25868c74e3b7c98594c1a3978872b2dde2007aed48c9fb1c3fddcec31a40abbbb1b81f02493b6346cf4cbb0d6340e61ee08af50fb8670857ed489270bd5808bb
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext