General
Target: 67828ab0213db4087e433ac63765e783b0abbdf6437a3d84c5749f47b40c432b
Size: 400KB
Sample: 220521-dcgc6aaedl
MD5: 74de7ee54577222282c8c0c2256a44a9
SHA1: 868e51a3d4521934227677fa59a624e49d8a9f6c
SHA256: 67828ab0213db4087e433ac63765e783b0abbdf6437a3d84c5749f47b40c432b
SHA512: 344ca7b4429148264b247afd605208f581b936e2a4963f78ec48718d51548e1abbd54856a060d1e92109cac8335cd8ee9187bd7edd87b20848618ba6197e1dbc
Static task: static1
Behavioral task: behavioral1
  Sample: overdue account letter.PDF.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: overdue account letter.PDF.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.microtechlab.in
Port: 587
Username: [email protected]
Password: pune@123
Targets
Target: overdue account letter.PDF.exe
Size: 433KB
MD5: 9bc66f36baedd02eb6b55e391d90b324
SHA1: aaa6786ed70237361fb28250da350181d0fd28fe
SHA256: 4b1a13f1b1a0bff19df63d1ebf93a2c1c390896b77db3b724a2e5c03f6007d81
SHA512: 027dbf3d56939ad0d7f4bae865863e9da23d3be4278b2e7a257b8c08b135390322b298c4bece43cda407c6eeec07c4f41a5d5b72bcee4018c65b6530aa3f462e
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Adds Run key to start application
- Suspicious use of SetThreadContext