General
-
Target
97eba6a6dbb27fce5939f175765c1e332faa78ffb62f8b922dabff1bd3711c2b
-
Size
693KB
-
Sample
220521-cyntpahgdp
-
MD5
7854b11c3ce85eddbed329dcc36c7545
-
SHA1
c8a52bd27a71647f81acceac2e85cb90819c3a34
-
SHA256
97eba6a6dbb27fce5939f175765c1e332faa78ffb62f8b922dabff1bd3711c2b
-
SHA512
9aa331eabf39a66ce1f1065a24c02d68eb18cc2500f631636f2539b9dbfae2f54858e0caf696a57ea9789f0d89f10450bed8ffd03af39845b9da00e9d6539291
Static task
static1
Behavioral task
behavioral1
Sample
PAYMENT ADVISE_Pdf__________.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PAYMENT ADVISE_Pdf__________.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.catathai.com
Port: 587
Username: [email protected]
Password: CatathaiCatamaran
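The extracted config above is the most actionable part of the report, but the exporter flattened it into "Key: value - Key: value" fragments split across lines, and the mailbox shows as "[email protected]" because the page obfuscated it. The following is an added example (my own code, not the sandbox vendor's tooling or anything from this report) that parses a constructed excerpt in the same flattened layout into hashes and C2 fields, flags the obfuscated username so it is not shipped as a literal indicator, and emits a Suricata DNS rule for the exfil mailhost. The key names in the output dict and the rule sid are my own choices.

```python
"""Added example, not the sandbox vendor's code or this report's own tooling:
turn a flattened Triage-style report into indicators a SOC can consume.
Output keys ("hashes", "c2", "username_redacted", ...) are my own naming."""
import json
import re

# Constructed excerpt in the same flattened layout as the report above
# ("Key" line, "Value" line, "-" between items); not the sandbox's native JSON.
REPORT = """\
Target
PAYMENT ADVISE_Pdf__________.exe
-
Size
730KB
-
MD5
a0146d201d817b776384020b0d167cb7
-
SHA1
e925ab7118c2a4852cbe56323530a136a2adb010
-
SHA256
fdd6a733c719e505650b9eebfe1511ec9e41db1a8b254ae09e2252ffd6a58333
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.catathai.com - Port:
587 - Username:
[email protected] - Password:
CatathaiCatamaran
Targets
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def parse_hashes(text):
    """Return {algo: hexdigest} for each hash field whose value is well-formed."""
    lines = [l.strip() for l in text.splitlines()]
    out = {}
    for key, value in zip(lines, lines[1:]):
        if key in HASH_LEN and re.fullmatch(r"[0-9a-fA-F]{%d}" % HASH_LEN[key], value):
            out[key.lower()] = value.lower()
    return out


def parse_config(text):
    """Return (family, {field: value}) from the 'Extracted' block, or None.

    The exporter broke the config after every 'Key:' and glued the pieces with
    ' - ', so a line ending in ':' means its value sits on the next line; the
    joined text is then split on a dash that is directly followed by 'Key:'.
    """
    lines = [l.strip() for l in text.splitlines()]
    if "Extracted" not in lines:
        return None
    i = lines.index("Extracted") + 1
    if i >= len(lines):
        return None
    family, chunk = lines[i], []
    for line in lines[i + 1:]:
        chunk.append(line)
        if not line.endswith(":"):
            break
    fields = {}
    for part in re.split(r"\s*-\s*(?=\w+:)", " ".join(chunk)):
        key, _, value = part.partition(":")
        if key:
            fields[key.strip().lower()] = value.strip()
    return family, fields


def build_indicators(text):
    """Combine hashes and C2 config; flag a mailbox the page has obfuscated."""
    family, cfg = parse_config(text) or (None, {})
    ind = {"family": family, "hashes": parse_hashes(text), "c2": {}}
    if cfg.get("protocol") == "smtp":
        user = cfg.get("username", "")
        ind["c2"] = {
            "host": cfg.get("host"),
            "port": int(cfg.get("port", 0)),
            "username": user,
            "credential_present": bool(cfg.get("password")),
            # "[email protected]" is what a scraped page shows where the real
            # mailbox was obfuscated; never push that string out as an IOC.
            "username_redacted": EMAIL_RE.match(user) is None,
        }
    return ind


def suricata_dns_rule(host, sid=1000001):
    """Alert on the resolver lookup for the exfil mailhost (Suricata 5+ dns.query
    keyword; sid is a placeholder from the local range). After STARTTLS on 587
    the SMTP payload is encrypted, so the DNS query is the more reliable surface."""
    return ('alert dns any any -> any any (msg:"AgentTesla SMTP exfil host lookup %s"; '
            'dns.query; content:"%s"; nocase; sid:%d; rev:1;)' % (host, host, sid))


if __name__ == "__main__":
    iocs = build_indicators(REPORT)
    print(json.dumps(iocs, indent=2))
    if iocs["c2"].get("host"):
        print(suricata_dns_rule(iocs["c2"]["host"]))
```

Run it as a script to print the indicator JSON and the rule; the password is kept only as a presence flag because the credential itself belongs in a takedown request to the mail provider, not in a detection feed.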
Targets
-
-
Target
PAYMENT ADVISE_Pdf__________.exe
-
Size
730KB
-
MD5
a0146d201d817b776384020b0d167cb7
-
SHA1
e925ab7118c2a4852cbe56323530a136a2adb010
-
SHA256
fdd6a733c719e505650b9eebfe1511ec9e41db1a8b254ae09e2252ffd6a58333
-
SHA512
f2fb658b204c9c61ef363683bc3e7935f8ff30878a2cfd0ab7990b7be0734d916284807e64fefb9ac2a0dfdde7e2a9ce41b559cdca223d7bc04569b648706cb2
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (Visual Basic .NET); the extracted config above holds the SMTP account this sample uses to exfiltrate what it collects.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence check.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
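Of the behaviours listed, the Run-key write is the one most readily turned into host-side detection. The following is an added example (my own code, not from the sandbox or this report) that runs that logic over constructed Sysmon-style RegistryEvent records (Event ID 13, value set). The field names follow Sysmon's schema; every path, SID and value name is made up for the example, and the scoring rules (autostart target in a user-writable directory, binary registering its own image) are my own choices.

```python
"""Added example, not from the sandbox or this report: detection logic for the
"Adds Run key to start application" behaviour over constructed Sysmon-style
RegistryEvent records (Event ID 13 = value set). Field names follow Sysmon's
schema; every path, SID and value name below is made up for the example."""
import re

EVENTS = [
    # Resembles the report: a binary dropped under AppData registers itself.
    {"EventID": 13,
     "Image": r"C:\Users\victim\AppData\Roaming\pdfsvc\pdfsvc.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\pdfsvc",
     "Details": r'"C:\Users\victim\AppData\Roaming\pdfsvc\pdfsvc.exe"'},
    # Benign: an installer under Program Files registers a different updater.
    {"EventID": 13,
     "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "Details": r"C:\Program Files\Vendor\updater.exe --quiet"},
    # Key creation (Event ID 12) carries no value data; ignored here.
    {"EventID": 12,
     "Image": r"C:\Users\victim\AppData\Roaming\pdfsvc\pdfsvc.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run"},
]

RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
USER_WRITABLE = re.compile(
    r"^(?:[A-Z]:\\Users\\[^\\]+\\AppData\\|[A-Z]:\\Users\\Public\\|[A-Z]:\\Windows\\Temp\\"
    r"|%(?:APPDATA|LOCALAPPDATA|TEMP|TMP)%)", re.I)


def exe_path(details):
    """Executable named by a Run value: the quoted path, else the text up to the
    first '.exe' (unquoted paths with spaces), else the first token."""
    m = re.match(r'^"([^"]+)"|^(.+?\.exe)(?=\s|$)|^(\S+)', details.strip(), re.I)
    return next((g for g in m.groups() if g), "") if m else ""


def score_run_key_event(ev):
    """Return a finding dict for a Run-key value write, or None if not one."""
    if ev.get("EventID") != 13 or not RUN_KEY.search(ev.get("TargetObject", "")):
        return None
    target = exe_path(ev.get("Details", ""))
    reasons = []
    if USER_WRITABLE.match(target):
        reasons.append("autostart target lives in a user-writable directory")
    if target and target.lower() == ev.get("Image", "").lower():
        reasons.append("writer registered its own image (self-persistence)")
    return {"image": ev.get("Image"), "key": ev["TargetObject"],
            "target": target, "reasons": reasons}


def detect_run_key_persistence(events):
    """Only findings with at least one reason; a clean Run-key write is dropped."""
    findings = [score_run_key_event(e) for e in events]
    return [f for f in findings if f and f["reasons"]]


if __name__ == "__main__":
    for f in detect_run_key_persistence(EVENTS):
        print(f["image"], "->", f["key"], "|", "; ".join(f["reasons"]))
```

The locale lookup and the SetThreadContext use are not visible through Sysmon registry events, so they are left to the sandbox's own signatures here; the Run-key rule alone is enough to surface the dropped binary on a host that was not detonated in a sandbox.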