General
- Target: d6e07496dd8f9f3544f88e712a2df41dd82dc68f1c6a802403bfc71e81431527
- Size: 399KB
- Sample: 220521-cgzjvsgher
- MD5: b007b032d31fcce1960a17a98dc371e9
- SHA1: dcb0e89144fee3d29f1fda77932dd2af1180a15f
- SHA256: d6e07496dd8f9f3544f88e712a2df41dd82dc68f1c6a802403bfc71e81431527
- SHA512: 994e30e81704ee8fb5bbc8d68f27f8ee7d7dfeb5ba5cebde2211194b7ca93e7d7cd960b2f40775e763bf0f9c6b77ce06e845a798510446bf3acd1ddd5c4793cd
Static task
- static1

Behavioral task
- behavioral1
  - Sample: PENDING INVOICE.exe
  - Resource: win7-20220414-en

Behavioral task
- behavioral2
  - Sample: PENDING INVOICE.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.microtechlab.in
- Port: 587
- Username: [email protected]
- Password: pune@123
Targets
- Target: PENDING INVOICE.exe
- Size: 433KB
- MD5: 9bc66f36baedd02eb6b55e391d90b324
- SHA1: aaa6786ed70237361fb28250da350181d0fd28fe
- SHA256: 4b1a13f1b1a0bff19df63d1ebf93a2c1c390896b77db3b724a2e5c03f6007d81
- SHA512: 027dbf3d56939ad0d7f4bae865863e9da23d3be4278b2e7a257b8c08b135390322b298c4bece43cda407c6eeec07c4f41a5d5b72bcee4018c65b6530aa3f462e
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Adds Run key to start application
- Suspicious use of SetThreadContext