General
-
Target
77665ab30eba7a50ea5af12facabff730840919e9587a68d77d24cabece7ecf8
-
Size
400KB
-
Sample
220521-n5zejseff2
-
MD5
4e3ac74c7bc1f26c8ac4bd4abc6d2b39
-
SHA1
9b0ab84564bc872885172ddb5abc33604f8e8b49
-
SHA256
77665ab30eba7a50ea5af12facabff730840919e9587a68d77d24cabece7ecf8
-
SHA512
365b3059a9089039bca912eec66ebc4259452d87f35fac39119994bbb1bf9e06f5f2332ffb53439ee6f0d027d70e764bdbce4f7f24d34ed2a1e988ae60a5f0e3
Static task
static1
Behavioral task
behavioral1
Sample
shipping documents.PDF.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
shipping documents.PDF.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.microtechlab.in
Port: 587
Username: reports@microtechlab.in
Password: pune@123
Targets
-
Target
shipping documents.PDF.exe
-
Size
433KB
-
MD5
9bc66f36baedd02eb6b55e391d90b324
-
SHA1
aaa6786ed70237361fb28250da350181d0fd28fe
-
SHA256
4b1a13f1b1a0bff19df63d1ebf93a2c1c390896b77db3b724a2e5c03f6007d81
-
SHA512
027dbf3d56939ad0d7f4bae865863e9da23d3be4278b2e7a257b8c08b135390322b298c4bece43cda407c6eeec07c4f41a5d5b72bcee4018c65b6530aa3f462e
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up the country code configured in the registry, likely used for geofencing.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext