General
Target: e0261691c7595a0772741cccb067ae4c2facabef80eacc661e539b1457911121
Size: 403KB
Sample: 220521-bm1hnsfbdr
MD5: a7ed07f4d90b2aa1a4e754891329f6bf
SHA1: 66d448c94fbd32d38af0626ad28d12c63a24ffdf
SHA256: e0261691c7595a0772741cccb067ae4c2facabef80eacc661e539b1457911121
SHA512: 0260b5c40bd5844be8b03d5f0368475199de5df6e4a34cc24aa12d7a847a627cc1ff697b4aeba3e5e72e4358bfd0a37f27bcb905e5c396897e2415e39d6384d2
Static task: static1
Behavioral task: behavioral1
  Sample: Quotation 78565.Scan.pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Quotation 78565.Scan.pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.dehydratedoniongarlic.com
Port: 587 (SMTP submission)
Username: [email protected] (mailbox obscured in this copy of the report)
Password: shyam*1411
The sample exfiltrates stolen data by authenticating to this mailbox and sending it as mail; the host and port are the network indicators to block and hunt for, and the mailbox credentials are attacker-controlled, not victim data.
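The indicators above (file hashes and the SMTP exfiltration endpoint) are what a responder would turn into checks. The following is an added example, not part of the original report or of the sandbox's tooling: it keeps the hashes and the host/port exactly as printed here, checks unknown files against them, and flags network log lines that reach the exfil host or make unexpected SMTP submission (TCP/587) connections. The log format (timestamp, source IP, destination IP, destination port, optional hostname) and the allowlist of corporate mail relays are assumptions for the demonstration; the log lines are constructed.

```python
"""Triage file hashes and network logs against the IOCs in this report.

Added example; the hash values and the SMTP host/port come from the report,
everything else (log layout, allowlist, sample lines) is constructed.
"""
import hashlib
import re
from typing import Dict, Iterable, List, Optional

# Hashes printed in the report: the submitted object and the extracted executable.
KNOWN_SHA256 = {
    "e0261691c7595a0772741cccb067ae4c2facabef80eacc661e539b1457911121":
        "submitted sample (403KB)",
    "8ebcd9cd55a878167c2f34b57536310c4db6b09708cfa6a44238799a9711421d":
        "Quotation 78565.Scan.pdf.exe (494KB)",
}

# Exfiltration endpoint from the extracted Agent Tesla config.
EXFIL_HOST = "mail.dehydratedoniongarlic.com"
EXFIL_PORT = 587  # SMTP submission

# Assumption for the demo: the only relays workstations may submit mail to.
ALLOWED_SUBMISSION_HOSTS = {"smtp.corp.example"}

# Assumed log layout: "<ts> <src_ip> <dst_ip> <dst_port> [<hostname>]".
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<dport>\d+)(?:\s+(?P<host>\S+))?\s*$"
)

# Constructed sample lines (RFC 5737 test addresses), not real telemetry.
SAMPLE_LOG = """\
2022-05-21T08:01:13Z 10.0.0.25 198.51.100.7 443 www.microsoft.com
2022-05-21T08:02:40Z 10.0.0.25 203.0.113.9 587 mail.dehydratedoniongarlic.com
2022-05-21T08:02:41Z 10.0.0.25 203.0.113.9 587 mail.dehydratedoniongarlic.com
2022-05-21T08:05:02Z 10.0.0.31 192.0.2.10 587 smtp.corp.example
2022-05-21T08:06:19Z 10.0.0.31 192.0.2.44 587 mx.unknown-relay.example
"""


def classify_hash(sha256_hex: str) -> Optional[str]:
    """Return the report's label for a SHA256 digest, or None if it is unknown."""
    return KNOWN_SHA256.get(sha256_hex.strip().lower())


def classify_bytes(data: bytes) -> Optional[str]:
    """Hash file contents and look the digest up in the report's hash set."""
    return classify_hash(hashlib.sha256(data).hexdigest())


def scan_log_lines(lines: Iterable[str]) -> List[Dict]:
    """Flag connections to the exfil host, and TCP/587 to relays not on the allowlist.

    A hit on the exfil host is reported first regardless of port, because a C2
    host is an indicator on its own; the port rule catches the same tradecraft
    (workstation-originated SMTP submission) against infrastructure we have not
    seen yet.
    """
    hits: List[Dict] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; production code should count these
        host = (m.group("host") or "").lower().rstrip(".")
        dport = int(m.group("dport"))
        reason = None
        if host == EXFIL_HOST:
            reason = "known Agent Tesla exfil host"
        elif dport == EXFIL_PORT and host not in ALLOWED_SUBMISSION_HOSTS:
            reason = "SMTP submission to non-allowlisted relay"
        if reason:
            hits.append({"ts": m.group("ts"), "src": m.group("src"),
                         "host": host, "dport": dport, "reason": reason})
    return hits


if __name__ == "__main__":
    for hit in scan_log_lines(SAMPLE_LOG.splitlines()):
        print(f"{hit['ts']} {hit['src']} -> {hit['host']}:{hit['dport']}  {hit['reason']}")
```

Matching on the hostname rather than the resolved IP is deliberate: the report gives only the hostname, and the attacker can move the A record at will. The allowlist rule is the more durable of the two, since Agent Tesla builds are commonly reconfigured with a fresh mailbox while the exfiltration method stays the same.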
Targets
Target: Quotation 78565.Scan.pdf.exe
Size: 494KB
MD5: 381ed13c821343ffd92a1775870b6bad
SHA1: 5d5bc903c15b38654a5e9a4d1442e8a99996fcac
SHA256: 8ebcd9cd55a878167c2f34b57536310c4db6b09708cfa6a44238799a9711421d
SHA512: f74846a1f21434f928f2c659a0affb4e222bb1fe213c79f1e6aed00844e936ad3031223778d58662c464c506013c550d7fc313526cd708564d3a7baaf6e7c220
Note that the submitted object (403KB, SHA256 e0261691...) and the executable run in the behavioral tasks (494KB, SHA256 8ebcd9cd...) are different files: the executable was extracted from the submission, so both sets of hashes are needed when matching against mail gateway and endpoint telemetry. The double extension ".pdf.exe" is the usual lure for an "invoice/quotation" phishing attachment.
Signatures
AgentTesla: Agent Tesla is a .NET information stealer and remote access tool (RAT); the original versions were written in Visual Basic .NET. It harvests saved credentials from browsers, mail and FTP clients, logs keystrokes, and exfiltrates over SMTP, FTP or HTTP, which matches the SMTP configuration extracted above.
AgentTesla Payload: the unpacked Agent Tesla payload was identified in the running process.
Checks computer location settings: looks up the country code configured in the registry (typically HKCU\Control Panel\International\Geo\Nation), likely a geofence so the payload does not run on machines in the operator's own region or in the sandbox.
Accesses Microsoft Outlook profiles: reads the Outlook profile keys in the registry, where mail account settings and stored credentials live; this is the credential-harvesting stage.
Suspicious use of SetThreadContext: SetThreadContext on another process's thread is characteristic of process hollowing, where the unpacked payload is written into a suspended process and its entry point redirected, so the Agent Tesla code runs under a legitimate-looking process name.