General
- Target: b4c5fead3bc308faa465962c0e60d2cdf504f3592065cd3056d74052107a23d6
- Size: 484KB
- Sample: 220521-n2a8jshfbm
- MD5: 1bef1d3d6e5b109dad0264727fa5b874
- SHA1: 3d9ecca40da449e8692d2cea07a9fc2112191e84
- SHA256: b4c5fead3bc308faa465962c0e60d2cdf504f3592065cd3056d74052107a23d6
- SHA512: 25635affc880b4c7a1918c094faacd2bf2ae54af474e1385da1a459308cd19c47352ff43f8113c6b21f5b64281c4b876b9df04735afd1a0a9fc3efd2aa0da3fa
Static task
- static1
Behavioral task
- behavioral1
  - Sample: CargoINVpdf.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: CargoINVpdf.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- agenttesla
  - Protocol: smtp
  - Host: secure231.servconfig.com
  - Port: 587
  - Username: [email protected]
  - Password: eltaefSH6548883
Extracted
- Protocol: smtp
- Host: secure231.servconfig.com
- Port: 587
- Username: [email protected]
- Password: eltaefSH6548883
Targets
- Target: CargoINVpdf.exe
- Size: 576KB
- MD5: fba9f0795fe71e6084df4c58883006a7
- SHA1: 4bd824d02a93e34814191e20805b79d7759a3095
- SHA256: de78d6ebc53d0a17441d132529eb2db65ec206e7f4223382337e190aec29b150
- SHA512: 4447d064e0e26d4fb8f9b0e299775ba874e9712e0a042d8c3e26130c62caa1faeab61ae9bf863b2006548a7a50b1446b6f11c5e3936a2c303d509985b84a441e
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext