General
- Target: 063557e31f33f43df3d9324be5b24829a7f636952526d89be348f3e86c019dab
- Size: 510KB
- Sample: 220521-byx7pafgej
- MD5: e37692988a5fcd94fab5cd3153c3c4ed
- SHA1: cce71c4a884703262f261f6e264703fece588739
- SHA256: 063557e31f33f43df3d9324be5b24829a7f636952526d89be348f3e86c019dab
- SHA512: 6feb5bcc433f6fa845364d06c5c95100e33eb0f1bbde815e14bed2749f4da4b9bb9afaf8ccfacadb0a35911a4810e4cf186194508c1d37c3d626b9b2f3895b75
Static task: static1
Behavioral task: behavioral1
- Sample: RFQ ICT-200068-MKE-AL ESTISHARI_pdf.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: RFQ ICT-200068-MKE-AL ESTISHARI_pdf.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.specialmetal.ir
- Port: 587
- Username: [email protected]
- Password: 02188985257
Targets
- Target: RFQ ICT-200068-MKE-AL ESTISHARI_pdf.exe
- Size: 603KB
- MD5: 23f551a5ac8ec744ece3dabee871cd30
- SHA1: 97227666e1b88f7f6e2d88e6d53c832edf6f52cb
- SHA256: 3ac8a6bb8e3551f1889bcdbe567d78c4d1afd90f91904d5bbaffc6879abbb37a
- SHA512: 0f53a4efdc1159a96e177e288b0a7ca58bd4acd3ade45a5720d4633f514f824a42bba761859fd6a7c6f0da51f32c493fb7b1bf73526d28bf4574858d5bc4e25e
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext