General
Target: 40063967180d674619d82c710d764af9f2d8d573d469eaa019e79095778241cc
Size: 477KB
Sample: 220521-bbhhqaefer
MD5: 93f2d6f05a9915d18281819b5448d419
SHA1: 8e4cb3b95ce5a5b36c85e2c0569e67ce339cc2ed
SHA256: 40063967180d674619d82c710d764af9f2d8d573d469eaa019e79095778241cc
SHA512: 7cbeea41b8afbf6adedb835f8e598c5c4aebca8d395bf99bad8904826408a61fcecc7df5a88520c201ee9f149eb72b8adb0eec2cf7a743ec5c620bbfce46f951
Static task: static1
Behavioral task: behavioral1
  Sample: DOCUMENTS.pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: DOCUMENTS.pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.palcoman.com
Port: 587
Username: [email protected]
Password: GgwWVBJ5
Targets
Target: DOCUMENTS.pdf.exe
Size: 618KB
MD5: 1eee2f6e8d98a4229fa3d0100ca02f40
SHA1: 281880040284f92e77498023925744f3a0efb6bb
SHA256: daccd93e099119d1c54b6d855d0a9db24e1ebd8eea974badb1ff6d8f0e01865f
SHA512: 026aee31d90b84ad5f3f74eee7e2d11df0488c5bd13afffd66938df90b4a3cadb52a20085b0c793088a2fab5e791acc59e5bb15a633819d56b7cde3f7fa10444
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext