General
Target: a59082f4ba00e99d337541e27c3625e9f1d4a7d3174bbd9f46f4ef0ef143c316
Size: 419KB
Sample: 220521-cvtkrseee2
MD5: 1d6565f5a4a6adf3a69a0196d5518544
SHA1: 1d8ccf6a754368c41937f9178a761ef8781f0314
SHA256: a59082f4ba00e99d337541e27c3625e9f1d4a7d3174bbd9f46f4ef0ef143c316
SHA512: 596e4b42d20e2e8493d6bf0f02bb0783dca0ca97318fe105784708de4fc24991efe52e58092e72dfac4eaba331f35ecdc213877426dc3ccce38a002a300ff945
Static task: static1
Behavioral task: behavioral1
  Sample: PO.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: PO.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.microtechlab.in
Port: 587
Username: [email protected]
Password: pune@123
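The extracted config turned into something a responder can act on, added here as an example (it is not the sandbox's code nor anything from the malware): it reassembles the line-wrapped "Key: value - Key: value" text exactly as the page prints it, then matches a set of constructed connection records against the exfil host and emits defanged indicators. The username is kept exactly as it appears on the page.

```python
import re

# The config block exactly as the sandbox page flattens it. The username is
# redacted on the page itself and is kept as it appears rather than guessed.
EXTRACTED_CONFIG = """Protocol: smtp- Host:
mail.microtechlab.in - Port:
587 - Username:
[email protected] - Password:
pune@123"""

FIELDS = ("Protocol", "Host", "Port", "Username", "Password")
FIELD_RE = re.compile(
    r"(%s):\s*(.*?)\s*(?=-\s*(?:%s):|$)" % ("|".join(FIELDS), "|".join(FIELDS)),
    re.S,
)


def parse_agenttesla_config(text):
    """Rebuild 'Key: value - Key: value' pairs from the line-wrapped sandbox text."""
    flat = " ".join(text.split())  # collapse the wraps into one line
    cfg = {key.lower(): value.strip() for key, value in FIELD_RE.findall(flat)}
    cfg["port"] = int(cfg["port"])
    return cfg


# Constructed connection records (src, dst, dst_port, proto) in the shape a
# proxy or firewall log would give; they are example data, not sandbox output.
SAMPLE_FLOWS = [
    ("10.0.0.12", "mail.microtechlab.in", 587, "tcp"),
    ("10.0.0.12", "smtp.office365.com", 587, "tcp"),
    ("10.0.0.15", "MAIL.microtechlab.in", 25, "tcp"),
]


def flag_exfil(cfg, flows):
    """Return flows to the configured exfil host. A port mismatch is still a hit:
    the operator can change the port without changing the mailbox."""
    hits = []
    for src, dst, dport, proto in flows:
        if proto == "tcp" and dst.lower() == cfg["host"].lower():
            hits.append({"src": src, "dst": dst, "port": dport,
                         "port_match": dport == cfg["port"]})
    return hits


def iocs(cfg):
    """Defanged indicators for sharing: host, host:port and the account name."""
    host = cfg["host"].replace(".", "[.]")
    return [host, f"{host}:{cfg['port']}", cfg["username"]]


if __name__ == "__main__":
    cfg = parse_agenttesla_config(EXTRACTED_CONFIG)
    print(cfg)
    for hit in flag_exfil(cfg, SAMPLE_FLOWS):
        print("exfil attempt:", hit)
    print("IOCs:", iocs(cfg))
```

The mail host is the only network indicator a sandbox run gives for SMTP-based Agent Tesla, so match on it regardless of port. The credentials are the operator's collection mailbox, but the mail server itself may be a legitimate, compromised host; block the host:port pair and the account rather than treating the domain's owner as the adversary.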
Targets
Target: PO.exe
Size: 474KB
MD5: bbcf7d3c452a1f979cebfdbb7ef6220a
SHA1: 35cdbbcc31606bc42702fda23292afb3a6f4be23
SHA256: b8214924a598b9fd3193099fecd6c3d09f06dc5e3a9af098642c7d5327c05cd3
SHA512: 2fb4bd3808ba1681363c56b5e47013f6c8938ee07e3cb6e2d7fab2a89a4f6aacdf4b6adb889c3554b96e4a03e69ed7f6b9d5ae0c74a05021c8e92b60f98bbb3c
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT) that harvests saved credentials and keystrokes and exfiltrates them over SMTP, FTP or HTTP; the SMTP settings extracted above are this sample's collection mailbox.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Adds Run key to start application
- Suspicious use of SetThreadContext (commonly used to redirect a suspended process's thread into an injected payload, as in process hollowing)
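A host-side check for three of the signatures above (Task Manager disabled, Run-key persistence, and the country-code lookup), added here as an example rather than anything from the sandbox or the malware. It parses a .reg export of HKCU (the export below is constructed) and reports what maps to each signature. The registry locations are the standard ones: DisableTaskMgr under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, the per-user Run key, and HKCU\Control Panel\International\Geo\Nation (GeoID 244 is the United States). The filter that only reports Run entries pointing at user-writable directories is a heuristic of this example, not part of the report.

```python
import re

# Constructed registry export in .reg syntax. Example data standing in for a
# live-response export of HKCU; it is not taken from the sandbox run.
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
"PO"="\"C:\\Users\\user\\AppData\\Roaming\\PO.exe\""

[HKEY_CURRENT_USER\Control Panel\International\Geo]
"Nation"="244"
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(.+?)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')

POLICIES_SYSTEM = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
GEO_KEY = r"HKEY_CURRENT_USER\Control Panel\International\Geo"

# Directories a non-admin user can write to. A Run entry pointing there is
# worth a look; one under \Windows\ or \Program Files\ much less so.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def parse_reg_export(text):
    """Parse a .reg export into {key_path: {name: value}}; dword -> int, strings unescaped."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, dword, string = m.groups()
            if dword is not None:
                keys[current][name] = int(dword, 16)
            else:
                # .reg escapes '"' as \" and '\' as \\ inside string values
                keys[current][name] = string.replace('\\"', '"').replace("\\\\", "\\")
    return keys


def triage(keys):
    """Findings keyed to the sandbox signatures: Task Manager disabled, Run-key
    persistence from a user-writable path, and the country code a geofence reads."""
    findings = []
    if keys.get(POLICIES_SYSTEM, {}).get("DisableTaskMgr") == 1:
        findings.append(("DisableTaskMgr", POLICIES_SYSTEM + "\\DisableTaskMgr = 1"))
    for name, cmd in keys.get(RUN_KEY, {}).items():
        if any(p in cmd.lower() for p in USER_WRITABLE):
            findings.append(("RunKey", f"{name} = {cmd}"))
    nation = keys.get(GEO_KEY, {}).get("Nation")
    if nation is not None:
        findings.append(("GeoNation", nation))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(parse_reg_export(REG_EXPORT)):
        print(f"{kind:15} {detail}")
```

On a live host the same three keys can be read with reg.exe or PowerShell; the parser here only exists so the logic runs offline against an export. A DisableTaskMgr value of 1 under HKCU is set by the malware, not by policy, on an unmanaged workstation, so treat it as a strong signal; the Run-key heuristic needs an allowlist for legitimate per-user installers before it is used at scale.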