General

Target: 41b00339b4f3bae3b42f25df924f999e85c1587673c33c080be584f1d1407676
Size: 404KB
Sample: 220521-b18q7sfhel
MD5: ec0d87adb61664f536e8252b5baf7b07
SHA1: d358034df3c6bb168bd8f4624d87827cefebd091
SHA256: 41b00339b4f3bae3b42f25df924f999e85c1587673c33c080be584f1d1407676
SHA512: f3637cff4ceebb4993e7d3d35cd9905def511e3510d48fdce8fcee11fe315e619eb63af36ac044e417ccb840fbd69fcc86bc4b759b5dfa4edf4bccf18a4ea625
Static task: static1

Behavioral task: behavioral1
Sample: TOP URGENT SUPPLY INQUIRY.pdf.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: TOP URGENT SUPPLY INQUIRY.pdf.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.oilexindia.com
Port: 587
Username: [email protected]
Password: Kamal@2019
Targets

Target: TOP URGENT SUPPLY INQUIRY.pdf.exe
Size: 487KB
MD5: 09439f5e5abf5e18c207607e5e33c5f0
SHA1: 4983fe7854af89970ad29df5aa6be5d180ca00a5
SHA256: 8c04fcdf35613586ea0643b716c769d7ee4a88af77887ef92d908097adbd6fc4
SHA512: 25868c74e3b7c98594c1a3978872b2dde2007aed48c9fb1c3fddcec31a40abbbb1b81f02493b6346cf4cbb0d6340e61ee08af50fb8670857ed489270bd5808bb
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext