General
Target: 289c109e239ee7570e68e8703e4c64fc45726f50766fe8b1b4d95e9073fe0b35
Size: 409KB
Sample: 220521-bbzf8sefhj
MD5: f12c848be2624eeeb6862dbb03e30f58
SHA1: fe11835a0d6abcdda74160d34ba0ac0f9b564520
SHA256: 289c109e239ee7570e68e8703e4c64fc45726f50766fe8b1b4d95e9073fe0b35
SHA512: 9f74143e695e2bbd5a60445ca51c2e986f50f37ac01bac22890a0bf3d0357c26e7dddc2000cab1522efe8c766a267d4b34c2af2fdfed81f410bb602c0e9e2aed
Static task: static1

Behavioral task: behavioral1
Sample: SIGNED AND STAMPED INVOICE.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: SIGNED AND STAMPED INVOICE.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.microtechlab.in
Port: 587
Username: [email protected]
Password: pune@123
Targets
Target: SIGNED AND STAMPED INVOICE.exe
Size: 461KB
MD5: 1319cf2f252ccac65fc3d468b487593d
SHA1: ba35e5badeaac9233605ca750849dd3ee324413a
SHA256: 0843dfe5e6b3266770393c129939c4fc85db09ee36dd51696fbc711a3b556460
SHA512: 025a7cb074dbb315bb9e3366cd71a1cced563a8e17143d1cdc51d20eeb0a73d374fbc1f5f044eba2edc111a2c1970654060b55f6c1c09b8331ca9e887e4561bb
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext