General
-
Target
ca9705b69a492e5775f3a5131cbce6c442230f7572c21a23324b983819166154
-
Size
399KB
-
Sample
220521-cktg1shagj
-
MD5
cdda222e8b2ed02b2a08889b4c1990cb
-
SHA1
2bc53766e453bd3b47647a6061c8d0ff518b2cbb
-
SHA256
ca9705b69a492e5775f3a5131cbce6c442230f7572c21a23324b983819166154
-
SHA512
a3080d46b5429fb30ce2616a8feb273f24c3e4fd1ae1a747a3eac1659f6e1920e9e9effeee1c66637a1e4fa43a3b31b3abc843087cac1bc97603b553854d55c4
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.microtechlab.in - Port:
587 - Username:
[email protected] - Password:
pune@123
Targets
-
-
Target
SIGNED AND STAMPED INVOICE.exe
-
Size
457KB
-
MD5
8c7516016e1bba2fe0e81b1792d9261e
-
SHA1
7d4851bad01bb5043d56ea2fb480b952cb087b84
-
SHA256
0b2ade3b609fe52eb27078440fe30c4983138af0a04bda84e92df8830338c9b1
-
SHA512
5f36c3f281f8ed5a22d6522623cef0839aebd2b6bebbbdeee068364827d11063d42656719309782843f6641687f1cfefd35b0d8d9fc03fb58a8f7b5360ada92c
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-