General
Target: a789bece61cc58a17f08c238e3bce39fd77fe2a1cb228af4fe17983341e5b7e9
Size: 400KB
Sample: 220521-ct72rseed2
MD5: 48adac89d2f13c79f2cb4591b0cdf56f
SHA1: b171668f036875bdde951087e526f91951e78d96
SHA256: a789bece61cc58a17f08c238e3bce39fd77fe2a1cb228af4fe17983341e5b7e9
SHA512: 6f806d6aa763267c1a6aed4732599588292472ffc0e9628c3240e0d9c420a88cffe5783d551c7038f1effb24d6e9298ff2f1ee4ee4686e8574316666b9daed33
Static task: static1
Behavioral task: behavioral1
  Sample: PI-2006009 TRUONG THINH.pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: PI-2006009 TRUONG THINH.pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.microtechlab.in
Port: 587
Username: [email protected]
Password: pune@123
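The configuration above is the mailbox the sample logs in to in order to ship stolen data. As an added example (not part of the sandbox report and not the malware's own code), the Python below shows how those values surface on the wire and scores a captured SMTP session against them: AUTH LOGIN sends the mailbox name and the password base64-encoded on separate lines, so the password pune@123 appears as cHVuZUAxMjM= in any session the defender can read in plaintext (port 587 submission where STARTTLS was never negotiated, or a flow decrypted by an inspecting proxy). The transcript is constructed for the example; the username user@microtechlab.in is a placeholder, since the report shows it redacted, the mailbox domain microtechlab.in is inferred from the host name, and the "mails to its own mailbox" pattern is an assumption. The decoder goes slightly beyond this config by also handling AUTH PLAIN and the inline-username form of AUTH LOGIN.

```python
import base64
import re
from typing import Dict, List, Optional, Tuple

# Indicators from the report's extracted Agent Tesla config. The username is
# redacted in the report, so the value below is an assumed placeholder, and the
# mailbox domain is inferred from the host name.
EXFIL_HOST = "mail.microtechlab.in"
EXFIL_PORT = 587
EXFIL_USERNAME = "user@microtechlab.in"   # placeholder, not from the report
EXFIL_PASSWORD = "pune@123"
MAILBOX_DOMAIN = "microtechlab.in"        # inferred from EXFIL_HOST

Line = Tuple[str, str]   # ("C" or "S", text) as reassembled from a capture


def b64(text: str) -> str:
    return base64.b64encode(text.encode()).decode()


def b64dec(token: str) -> Optional[str]:
    """Decode one base64 token; None if it is not valid base64 or UTF-8."""
    try:
        return base64.b64decode(token, validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None


def extract_credentials(client: List[str]) -> Optional[Tuple[str, str]]:
    """Recover (username, password) from the client side of an SMTP AUTH.

    AUTH LOGIN sends the username and password as two base64 lines after the
    command (the username may also ride on the command line itself);
    AUTH PLAIN sends one base64 token of "\\0user\\0password".
    """
    for i, line in enumerate(client):
        parts = line.split()
        if len(parts) < 2 or parts[0].upper() != "AUTH":
            continue
        mech = parts[1].upper()
        nxt = client[i + 1:i + 3]           # up to two following client lines
        if mech == "LOGIN":
            if len(parts) >= 3:             # AUTH LOGIN <b64 user> / <b64 pass>
                user = b64dec(parts[2])
                pw = b64dec(nxt[0]) if nxt else None
            else:                           # AUTH LOGIN / <b64 user> / <b64 pass>
                user = b64dec(nxt[0]) if len(nxt) > 0 else None
                pw = b64dec(nxt[1]) if len(nxt) > 1 else None
            if user is not None and pw is not None:
                return user, pw
        elif mech == "PLAIN" and len(parts) >= 3:
            raw = b64dec(parts[2])
            if raw is not None and raw.count("\0") == 2:
                _authzid, user, pw = raw.split("\0")
                return user, pw
    return None


def match_exfil(session: List[Line], dst_port: int) -> Dict[str, object]:
    """Score one SMTP session against the extracted config.

    Each indicator is reported separately: the host or port alone could be
    legitimate use of that mail server, while the configured password in an
    AUTH exchange is a direct match on this sample's exfil channel.
    """
    server = [text for who, text in session if who == "S"]
    client = [text for who, text in session if who == "C"]
    mailbox = re.compile(r"<[^>]+@" + re.escape(MAILBOX_DOMAIN) + r">", re.I)
    creds = extract_credentials(client)
    return {
        "port": dst_port == EXFIL_PORT,
        "server_host": any(EXFIL_HOST in t for t in server if t.startswith("220")),
        "mailbox_domain": any(
            mailbox.search(t) is not None
            for t in client if t.upper().startswith(("MAIL FROM", "RCPT TO"))
        ),
        "credentials": creds is not None and creds[1] == EXFIL_PASSWORD,
        "recovered": creds,
    }


# Constructed transcript of the login this config would produce (the message
# body that follows is omitted). The 334 prompts carry base64 "Username:" and
# "Password:"; sender and recipient being the same mailbox is an assumption.
SAMPLE_SESSION: List[Line] = [
    ("S", "220 mail.microtechlab.in ESMTP"),
    ("C", "EHLO DESKTOP-4F2K1Q"),
    ("S", "250-mail.microtechlab.in"),
    ("S", "250 AUTH LOGIN PLAIN"),
    ("C", "AUTH LOGIN"),
    ("S", "334 VXNlcm5hbWU6"),
    ("C", b64(EXFIL_USERNAME)),
    ("S", "334 UGFzc3dvcmQ6"),
    ("C", b64(EXFIL_PASSWORD)),          # cHVuZUAxMjM=
    ("S", "235 2.7.0 Authentication successful"),
    ("C", f"MAIL FROM:<{EXFIL_USERNAME}>"),
    ("S", "250 2.1.0 Ok"),
    ("C", f"RCPT TO:<{EXFIL_USERNAME}>"),
    ("S", "250 2.1.5 Ok"),
]

if __name__ == "__main__":
    for name, hit in match_exfil(SAMPLE_SESSION, 587).items():
        print(f"{name:15} {hit}")
```

Feed it the client and server lines of one TCP flow reassembled from a pcap. A credential match is the signal to act on; a bare host-name or port match only says that someone talked to that mail server. If the sample negotiates STARTTLS (or the config ever switches to port 465), the AUTH exchange is encrypted and this detection has to move to TLS-terminating inspection or to the host side.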
Targets
Target: PI-2006009 TRUONG THINH.pdf.exe
Size: 433KB
MD5: 9bc66f36baedd02eb6b55e391d90b324
SHA1: aaa6786ed70237361fb28250da350181d0fd28fe
SHA256: 4b1a13f1b1a0bff19df63d1ebf93a2c1c390896b77db3b724a2e5c03f6007d81
SHA512: 027dbf3d56939ad0d7f4bae865863e9da23d3be4278b2e7a257b8c08b135390322b298c4bece43cda407c6eeec07c4f41a5d5b72bcee4018c65b6530aa3f462e
- AgentTesla: Agent Tesla is a .NET-based information stealer and remote access tool (RAT); it harvests saved credentials (browsers, mail and FTP clients) and keystrokes and exfiltrates them, in this sample over SMTP using the configuration extracted above.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence (the sample can refuse to run in selected countries)
- Accesses Microsoft Outlook profiles (where Outlook keeps account credentials)
- Adds Run key to start application (persistence across logon)
- Suspicious use of SetThreadContext (typical of process hollowing, where a suspended process is overwritten with the payload before its main thread is resumed)
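Two of the signatures above leave durable registry artifacts a responder can confirm offline: the Task Manager lockout is the DisableTaskMgr value under ...\Microsoft\Windows\CurrentVersion\Policies\System, and the Run-key persistence is a value under ...\Microsoft\Windows\CurrentVersion\Run. As an added example (not the sandbox's signature logic and not the malware's code), the Python below parses a reg export of HKCU and reports both. The export text is constructed for the example; the value name WinUpdate and its path are hypothetical, since the report names neither the dropped file nor the Run value, and the "target lives in a user-writable directory" rule is a triage heuristic, not a verdict. The country-code lookup behind "Checks computer location settings" is a read (assumed here to be HKCU\Control Panel\International\Geo\Nation), leaves nothing in an export, and is therefore not checked.

```python
import re
from typing import Dict, List

# Constructed .reg export in the shape "reg export HKCU\Software\Microsoft\Windows\CurrentVersion"
# writes, standing in for an infected host. "WinUpdate" and its path are hypothetical:
# the report does not name the dropped file or the Run value.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"WinUpdate"="C:\\Users\\victim\\AppData\\Roaming\\WinUpdate\\WinUpdate.exe"
"SecurityHealth"="C:\\Program Files\\Windows Defender\\MSASCuiL.exe"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
RUN_KEYS = ("\\CurrentVersion\\Run", "\\CurrentVersion\\RunOnce")
# Locations an unprivileged user can write to; a Run target there deserves a look.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.IGNORECASE)


def parse_reg(text: str) -> Dict[str, Dict[str, object]]:
    """Parse the subset of .reg syntax reg.exe emits for string and dword values."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if current is None or not m:
            continue    # default values (@=) and hex(...) blobs are not needed here
        name, value = m.group(1), m.group(2)
        if value.startswith("dword:"):
            keys[current][name] = int(value[len("dword:"):], 16)
        elif len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            keys[current][name] = re.sub(r"\\(.)", r"\1", value[1:-1])  # undo \\ and \"
        else:
            keys[current][name] = value
    return keys


def exe_path(command: str) -> str:
    """Executable part of a Run value: the quoted path, or else the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 1 else command[1:]
    return command.split(" ", 1)[0]


def triage(keys: Dict[str, Dict[str, object]]) -> Dict[str, List[str]]:
    """Report the two registry artifacts the sandbox signatures describe."""
    findings: Dict[str, List[str]] = {"task_manager_disabled": [], "suspicious_run_entries": []}
    for key, values in keys.items():
        # HKCU or HKLM ...\Policies\System with DisableTaskMgr=1 blocks taskmgr.exe for that scope.
        if key.endswith("\\Policies\\System") and values.get("DisableTaskMgr") == 1:
            findings["task_manager_disabled"].append(key)
        if key.endswith(RUN_KEYS):
            for name, command in values.items():
                path = exe_path(str(command))
                if USER_WRITABLE.search(path):
                    findings["suspicious_run_entries"].append(f"{name} -> {path}")
    return findings


if __name__ == "__main__":
    for category, items in triage(parse_reg(SAMPLE_REG)).items():
        print(category)
        for item in items:
            print("   ", item)
```

The OneDrive entry in the sample is flagged alongside WinUpdate on purpose: legitimate per-user software also installs under AppData, so the path rule only narrows the list, and each hit still has to be confirmed by checking the target file's signature and hash (and, for this sample, against the hashes in the Targets section above) before it is treated as the persistence the signature refers to.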