General

Target: 9ad890370d2592bb218fb555414d678ec210b2c4386794f55e68bea6f62f9a37
Size: 438KB
Sample: 220521-cxymhahgbj
MD5: 9bd47a296459b6a1a107a9c938cb6bfe
SHA1: a6da0112131b7c17412f7eeeca721bfffacb700e
SHA256: 9ad890370d2592bb218fb555414d678ec210b2c4386794f55e68bea6f62f9a37
SHA512: a38ebabfad423d79a0b923d484a507559224a1103c62298db67cdde13ea56c1f2a7b59e23b6f25fc8fe90196c6df340e595097a425575e8c4bdbabef2f3dd6da
Static task: static1

Behavioral task: behavioral1
Sample: copia de pago.pdf.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: copia de pago.pdf.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: vikash12345
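The extracted configuration is the exfiltration channel: AgentTesla mails harvested data through the configured SMTP account. As an added example (not part of this report or of the sandbox's tooling), the Python below parses the flattened config text exactly as it appears above into a typed indicator record and then runs two hunts over constructed Zeek-style conn.log lines: connections to the configured host and port, and any SMTP submission from a host that is not a known mail relay, since AgentTesla builds differ only in which mail provider they are pointed at. The conn.log lines, the DNS resolution (a documentation IP), the relay list and the redacted username placeholder are constructed or carried over as-is; none of it is traffic from this sample.

```python
import re
from dataclasses import dataclass

# Extracted config copied verbatim from the report above. The username is
# redacted on the page, so the placeholder is kept unchanged.
RAW_CONFIG = """Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
vikash12345"""

# The sandbox export runs fields together as "Key: value - Key: value"; each
# value ends where the next field name begins (or at end of text).
FIELD_RE = re.compile(
    r"(Protocol|Host|Port|Username|Password):\s*(.*?)"
    r"(?=\s*-\s*(?:Protocol|Host|Port|Username|Password):|$)"
)


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(raw: str) -> SmtpExfilConfig:
    """Parse the flattened report text into an indicator record."""
    flat = " ".join(raw.split())  # collapse the line breaks the export inserted
    fields = {m.group(1).lower(): m.group(2).strip() for m in FIELD_RE.finditer(flat)}
    return SmtpExfilConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


# Constructed Zeek conn.log excerpt (ts, uid, id.orig_h, id.orig_p, id.resp_h,
# id.resp_p, proto, service). Addresses are documentation ranges; not real traffic.
SAMPLE_CONN_LOG = """\
1653120001.1\tC1\t10.0.0.15\t49812\t192.0.2.10\t587\ttcp\tsmtp
1653120002.2\tC2\t10.0.0.15\t49813\t198.51.100.7\t443\ttcp\tssl
1653120003.3\tC3\t10.0.0.20\t49901\t192.0.2.10\t587\ttcp\tsmtp
1653120004.4\tC4\t10.0.0.50\t41000\t203.0.113.9\t25\ttcp\tsmtp
1653120005.5\tC5\t10.0.0.31\t50222\t203.0.113.44\t587\ttcp\tsmtp
"""

# Constructed passive-DNS view: the exfil host resolved to a documentation IP.
SAMPLE_DNS = {"us2.smtp.mailhostbox.com": {"192.0.2.10"}}

# Constructed allow-list: hosts that legitimately speak SMTP outbound.
MAIL_RELAYS = {"10.0.0.50"}

SMTP_PORTS = {25, 465, 587}


def find_exfil_connections(cfg, conn_log, dns, mail_relays):
    """Return two hit lists of (orig_h, resp_h, resp_p):

    config_match       -> connections to the configured exfil host:port
    smtp_from_non_relay -> any other SMTP submission from a non-relay host,
                           catching builds pointed at a different provider
    """
    c2_ips = dns.get(cfg.host, set())
    config_hits, generic_hits = [], []
    for line in conn_log.splitlines():
        if not line.strip():
            continue
        _ts, _uid, orig_h, _orig_p, resp_h, resp_p, _proto, _svc = line.split("\t")
        resp_p = int(resp_p)
        if orig_h in mail_relays:
            continue  # relays are expected to talk SMTP outbound
        if resp_h in c2_ips and resp_p == cfg.port:
            config_hits.append((orig_h, resp_h, resp_p))
        elif resp_p in SMTP_PORTS:
            generic_hits.append((orig_h, resp_h, resp_p))
    return {"config_match": config_hits, "smtp_from_non_relay": generic_hits}


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(cfg)
    for name, hits in find_exfil_connections(cfg, SAMPLE_CONN_LOG, SAMPLE_DNS, MAIL_RELAYS).items():
        print(name, hits)
```

The generic SMTP-submission hunt is the one that keeps paying off: the host:port pair changes with every build, but workstations almost never have a reason to speak to port 587 on the internet directly.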
Targets

Target: copia de pago.pdf.exe
Size: 511KB
MD5: 7e3e9766a4e94d027acf6c9f4358b023
SHA1: 06c9f344f20afee74435f33712361efe0baf3a56
SHA256: 42e8f056ff6775f4e466f277e8cc62fb510054292e6a586d8742ec425a439ffd
SHA512: 47d1aac4afe9cdab8f01573d470d8c13f86acaab806702c0acc07a7afbfb58c04bbe553e582b23f93e28bf294b42c1c20babe66e84e56060c5274b2a26a3abcc
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer, typically compiled from Visual Basic .NET or C#. The configuration extracted above shows this build sending its output over SMTP with hard-coded mail credentials.

Signatures:
- AgentTesla payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence so the payload can behave differently depending on the victim's region.
- Accesses Microsoft Outlook profiles: stored mail account settings are a common credential-theft target for this family.
- Adds Run key to start application: persistence through a value under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM), so the payload is relaunched at logon.
- Suspicious use of SetThreadContext: rewriting another thread's context is the usual final step of process hollowing or injection into a suspended process, where the payload is written into the target and its entry point redirected to the injected code.
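For the Run key signature, as an added example that is not from the report or the sandbox, the following Python checks constructed Sysmon Event ID 13 (RegistryEvent, value set) records stored as JSON lines: it flags Run/RunOnce value sets by any process outside an allow-list and marks the case where the writing process registers its own path, which is what a self-persisting stealer does. The event contents, the AppData path for the sample and the trusted-writer list are constructed for the demo and are not observations from this analysis.

```python
import json
import re

# Constructed Sysmon Event ID 13 records as a SIEM would store them (JSON lines).
# Raw string so the doubled backslashes reach json.loads as JSON escapes.
# The AppData location for the sample is an assumption for the demo.
SAMPLE_SYSMON = r"""{"EventID":13,"Image":"C:\\Users\\user\\AppData\\Roaming\\copia de pago.pdf.exe","TargetObject":"HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\pago","Details":"C:\\Users\\user\\AppData\\Roaming\\copia de pago.pdf.exe"}
{"EventID":13,"Image":"C:\\Windows\\System32\\msiexec.exe","TargetObject":"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth","Details":"C:\\Windows\\System32\\SecurityHealthSystray.exe"}
{"EventID":13,"Image":"C:\\Windows\\explorer.exe","TargetObject":"HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden","Details":"DWORD (0x00000001)"}
{"EventID":1,"Image":"C:\\Windows\\System32\\cmd.exe","TargetObject":"","Details":""}
"""

# Matches both per-user (HKU\<SID>\Software\...) and machine (HKLM\SOFTWARE\...)
# Run and RunOnce keys; Sysmon writes the path with single backslashes.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\",
    re.IGNORECASE,
)

# Constructed allow-list of installers that legitimately populate Run keys.
TRUSTED_WRITERS = {r"c:\windows\system32\msiexec.exe"}


def find_run_key_persistence(events_jsonl, trusted_writers=TRUSTED_WRITERS):
    """Return (image, target_object, self_registering) for each Run/RunOnce
    value set by a process that is not on the allow-list.

    self_registering is True when the value written is the writer's own path,
    the pattern a malware sample shows when it installs itself at logon.
    """
    hits = []
    for line in events_jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("EventID") != 13:
            continue
        if not RUN_KEY_RE.search(ev["TargetObject"]):
            continue
        image = ev["Image"]
        if image.lower() in trusted_writers:
            continue
        # Details may carry the path quoted; strip quotes before comparing.
        self_registering = ev["Details"].strip('"').lower() == image.lower()
        hits.append((image, ev["TargetObject"], self_registering))
    return hits


if __name__ == "__main__":
    for image, key, self_reg in find_run_key_persistence(SAMPLE_SYSMON):
        print(f"{'SELF-PERSIST' if self_reg else 'RUN-KEY-SET'}: {image} -> {key}")
```

Treat the allow-list as the weak point of this check: a sample launched by a trusted-looking parent still writes the key under its own image name, so allow specific writer paths, never whole directories.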