General
Target: 254895628a666eaae9b25dd2f9666b62f38fc607fd0d0b7af6447117241643eb
Size: 384KB
Sample: 220521-bb1pasefhk
MD5: 9608a060b1057a4069a953babdf87736
SHA1: 2b1ba850053a55b0b5a7164680b0bb701ca96de8
SHA256: 254895628a666eaae9b25dd2f9666b62f38fc607fd0d0b7af6447117241643eb
SHA512: 1ebb524e5c215e1411006e415de15d521d01220e0bafbf571521c4cda24ae82346865a2c785321ebaf52d23191ccc9f9d720dd729bf1f183e107a9b35b2c2691
Static task: static1
Behavioral task: behavioral1
  Sample: Sheet.......pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Sheet.......pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: [email protected]
  Password: nnedimma080
Targets
Target: Sheet.......pdf.exe
Size: 437KB
MD5: ac621011571eca9bfcc83b3457e8bc4e
SHA1: 9979d2ac17eaaeb8c65457212cd0b8f25db24dc4
SHA256: c4ccd023eed63b7c47c69e1b08e267f4579cc54e9998f3767d7c1438127b6d1a
SHA512: 86715884fc9ce924919b37ec820ebf57f8acf7ede3eadd4aa1af71da9d606bf8e3f41f33b2e958bd11826377a7ccdd94f1328235fb457a41041592e30500b783
Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext