General
- Target: b84177ba29d940b494894ef69a3899a438079a9fc64607c9444c2856d5d5b273
- Size: 400KB
- Sample: 220521-n14hpshfap
- MD5: 73c2c92d154ee2ccef82cf4cf50f9ac6
- SHA1: d68b02a9545805c9b490a082c7d49bbd6afc77ab
- SHA256: b84177ba29d940b494894ef69a3899a438079a9fc64607c9444c2856d5d5b273
- SHA512: 86d30f093847dd2424768bc672892dcbf93d57fdd22166ac8978c5f9c7429a4ea770bb99d81d753b1ee62460555c732ca70a8f2d5899c5a6af6a9c9489cfcc50
Static task: static1
Behavioral task: behavioral1
- Sample: 454362_PURCHASE ORDER.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 454362_PURCHASE ORDER.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.microtechlab.in
- Port: 587
- Username: [email protected]
- Password: pune@123
Targets
- Target: 454362_PURCHASE ORDER.exe
- Size: 433KB
- MD5: 9bc66f36baedd02eb6b55e391d90b324
- SHA1: aaa6786ed70237361fb28250da350181d0fd28fe
- SHA256: 4b1a13f1b1a0bff19df63d1ebf93a2c1c390896b77db3b724a2e5c03f6007d81
- SHA512: 027dbf3d56939ad0d7f4bae865863e9da23d3be4278b2e7a257b8c08b135390322b298c4bece43cda407c6eeec07c4f41a5d5b72bcee4018c65b6530aa3f462e
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext