General
Target: 13873e2ca2c3592ee6b1fc8ac95a744827a29760e10dde506d2c22bab804d7de
Size: 617KB
Sample: 220521-bx9jbsfgbl
MD5: 7f9e58e078905e2f92ef2e45c5fba8ad
SHA1: 36e43bf1ffea9b6f99254dfc9123f335f168f6a9
SHA256: 13873e2ca2c3592ee6b1fc8ac95a744827a29760e10dde506d2c22bab804d7de
SHA512: 132bbb0f00ef1dc060930bae163c0b804cfbafa92e82d9d70902fcb06396b7b00eb272b87e6111630a3aff4961d64d687fe4c8c071a2b1deb30eb54cc4c2288a
Static task: static1
Behavioral task: behavioral1
  Sample: proforma invoice.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: proforma invoice.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.aquariuslogistics.com
  Port: 587
  Username: [email protected]
  Password: AQL@2019#$
Targets
Target: proforma invoice.exe
Size: 1.1MB
MD5: 361a036943fa4bc0c43bbccff3bfb980
SHA1: ffea45e9168b49c611c6db0a3cfc993680e68ab6
SHA256: 2672dbd0f2cdcb55f92fcc27ae5cdbf0e708ce44844d432413c27b108b9b8231
SHA512: ab391108debce4d17a2edc0529a834960fad95226f4f12ddb5907036ad62416101941dccb13f2ac57d614dcfbf8b867ed5c67fd1f2928536485e950ea8a2625b
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext