General
-
Target
c399c9e747adb7d0f28863c1b055fc64c20be9f43a6eef46550de765b50fb753
-
Size
418KB
-
Sample
220521-blejtacaf7
-
MD5
d4903fa1f86f606e5a1e42db4b0e108d
-
SHA1
898b2e50c3543bcfad45c8a84136630e9f1054a1
-
SHA256
c399c9e747adb7d0f28863c1b055fc64c20be9f43a6eef46550de765b50fb753
-
SHA512
711c1117d125c8ab0425f206e10947d0154ce5a5d2a21a2d15d979535c3a820bdc7fb406e3f33474fafc3bd41b3c446912faa8cb6607ff5d023c4bad639480a8
Static task
static1
Behavioral task
behavioral1
Sample
Shipping Details_PDF.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Shipping Details_PDF.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.arrmet.in - Port:
587 - Username:
[email protected] - Password:
h)pzIy(9
Targets
-
-
Target
Shipping Details_PDF.exe
-
Size
494KB
-
MD5
065170cc4d24b73e40dcd9c346ae4544
-
SHA1
5bddc2f4dcddfc028f9da9085104a87a6bdbfd06
-
SHA256
7238acfadf518f806a2eea29444fdbad02f46465840e5ed0842fafb77eb7c58c
-
SHA512
bcdd8a77a3379918121b0973a547deb10a524de5123082707121a691cf693d42e99c1b420e600f91e0affe0176499bd5c66d8a2232477c170c6b2ddb511df5b4
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-