General
Target: ad6ad515ecb5dd94594d406307c329bb85036d010a92e6b039a2d98c8d8636e3
Size: 354KB
Sample: 220521-n2qy1aeeb3
MD5: 0c49df0369373a8e27a94f68245411fd
SHA1: 10502abc3b03e56c11d30f26ded5260bd6063fda
SHA256: ad6ad515ecb5dd94594d406307c329bb85036d010a92e6b039a2d98c8d8636e3
SHA512: f818af89da2dcdf1cb59e66bd8a32a833b0c69338dd960288454575c2d9ba33b47c91477958c611ee793f68b479c8d36913d6575e1d8f4fd61c2a9c39af69e26
Static task: static1
Behavioral task: behavioral1
Sample: proforma invoice.xlsx.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: proforma invoice.xlsx.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.sna-peru.com
Port: 587
Username: [email protected]
Password: 7U11*m3r3
Targets
Target: proforma invoice.xlsx.exe
Size: 444KB
MD5: 3c631db82599efa6af78c04361cc90d6
SHA1: 987c847bd243e8cbd92f7394853e8a07e1b75a62
SHA256: 01c471329aeb0abda663f25bd5d0cf03cf0fd7d50bdbf31598c2ad47189289d1
SHA512: 59ce2fdb745c0e9ac89166a3972bfeb1eefe6d14ec4b26c66282961b7663e3f34152e4f0d1d65f45b2b90758d1199de957b8ba59747b8f3550bbb5143bea9f97
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext