General
-
Target
31a14761318d36b4f7932ead4af7c90f7fcb63964b9c25f5e6bf66189ecf3494
-
Size
362KB
-
Sample
220521-bbt7hsbfe6
-
MD5
d8e6ec8ab0804f861e6386b452c58c4e
-
SHA1
c074590a56cd1cb091d9286b38527ed421ca25e2
-
SHA256
31a14761318d36b4f7932ead4af7c90f7fcb63964b9c25f5e6bf66189ecf3494
-
SHA512
55ae0e99858a796868b9c3bd71f5fa473f89c163a144bc951109547f4f7f3cff79eb7cebd1983c7198dffc8357567a1d146bf2a247ff23a472ac77a014806b10
Static task
static1
Behavioral task
behavioral1
Sample
item sheet_842020_PDF.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
item sheet_842020_PDF.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: blessing2020
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: blessing2020
Targets
-
Target
item sheet_842020_PDF.exe
-
Size
405KB
-
MD5
f0ae460e9015ea5ad6b78a54e5ff6e9b
-
SHA1
841aebec319f5bfd577b97ff20b6a83734ef7a10
-
SHA256
38055b6302aa7068984e0eaddec2cd4cda82264fa25c25f7f218236145d071dd
-
SHA512
3bc9677119e4438f99eed12cd05f1aa479be32a2bd615d9b74dad638400662a79826cfbe62017fad71d6ab370f2c22a8550edcca80ac6654b82264205dc1703e
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-