General
- Target: 6638f6849a9c27dc035d5ba97690c670152b9f300c579ad44d73a8274f8ceb75
- Size: 412KB
- Sample: 220521-dct91sfde4
- MD5: d7290e004145d515f61559ad1991298f
- SHA1: 2242a047e772b4b247ec1b1679ed5f875269cace
- SHA256: 6638f6849a9c27dc035d5ba97690c670152b9f300c579ad44d73a8274f8ceb75
- SHA512: 13373c7aff4c77aabd127422c4f1c2bcf77a8645ade431888b7828333df7b79d5c6b6f3ad269a8ada4d4d63202cba2ea444a1dd32308ac55e9d020573acfc0a2
Static task: static1
Behavioral task: behavioral1
- Sample: Shipping documents.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Shipping documents.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.microtechlab.in
- Port: 587
- Username: [email protected]
- Password: pune@123
Targets
- Target: Shipping documents.exe
- Size: 455KB
- MD5: 2879721f8b9759ef832a173a4aef7f74
- SHA1: e44ce3d55b58edd0fbdb51b78a2db0ca1da35d32
- SHA256: 24be3b1c3a8a56f3028bb533082f4e8e93f1405b7066e4facde544c22010afa5
- SHA512: 50014f4ab829d1e5379952ac2a19c46abfd0e73585231a6d6e0078db2218ff92149cc1b1d547eef7295ed3c48ff0866586509d5a2258b3bc2dd3bf1ccabe6625
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext