General
- Target: c6eb2e79f00763ce42b8c4904bfd83869bcc09259ec4fbcbb194730be0f6206c
- Size: 412KB
- Sample: 220521-clnyxsebb6
- MD5: a94a26a8425ff49a98b6c6df2855dbc7
- SHA1: 8eaa09a68532471dd4db8982b660b3fe7f560db8
- SHA256: c6eb2e79f00763ce42b8c4904bfd83869bcc09259ec4fbcbb194730be0f6206c
- SHA512: 4b6e722ba32b57789e036b930454d4faef03d377c28aaf71bc06d21a5d4a1a0609e2ae12c598f00ef9846d9c4c6665d301e48b9ff38744b3969fa49befb09c08
Static task: static1
Behavioral task: behavioral1
- Sample: Remittance advice_63653.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Remittance advice_63653.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.microtechlab.in
- Port: 587
- Username: [email protected]
- Password: pune@123
Targets
- Target: Remittance advice_63653.exe
- Size: 455KB
- MD5: 2879721f8b9759ef832a173a4aef7f74
- SHA1: e44ce3d55b58edd0fbdb51b78a2db0ca1da35d32
- SHA256: 24be3b1c3a8a56f3028bb533082f4e8e93f1405b7066e4facde544c22010afa5
- SHA512: 50014f4ab829d1e5379952ac2a19c46abfd0e73585231a6d6e0078db2218ff92149cc1b1d547eef7295ed3c48ff0866586509d5a2258b3bc2dd3bf1ccabe6625
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext