General
Target: f0df2d320e47c58700f32f3df8aaa7ee95b56078a22818fe692c6c4708578a5d
Size: 408KB
Sample: 220521-ca3b6sdee3
MD5: 0c01660737890371494b312c9c673dba
SHA1: 885367be75430d531fbe05bc55d9bc122eadd495
SHA256: f0df2d320e47c58700f32f3df8aaa7ee95b56078a22818fe692c6c4708578a5d
SHA512: 710812507d5aeda42aed3dfc1c06af4b529ab2c06e91d1d22f1107d258f0b0761b1a2f92f53c4ee1a5c087ad8f9283ae7cc9930f93d65125def69723ae6e5840
Static task: static1
Behavioral task: behavioral1
  Sample: PNQNR00000118PNQNR00000118.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: PNQNR00000118PNQNR00000118.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.microtechlab.in
Port: 587
Username: [email protected]
Password: pune@123
Targets
Target: PNQNR00000118PNQNR00000118.exe
Size: 449KB
MD5: 7473e4decb7e2c2ff61e6547d372e906
SHA1: b6d7cf27a8cff8c1ffb7ce4342a5f0bf14ff7798
SHA256: 1601d407d21641b07f554e7e63353cce4c2fb281ab6308bbbee53cdd817012e0
SHA512: 4ca3191a1be1eaf4190ffe879c43680b3046812f26d3158d4621b12bb0be093d251e641bf418bf17c492ce7725ec28b5dc3a15ad998a5b96e93cbe516d152969
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext