General
- Target: 4e9235c8c805d240c9aa6a7731214e0e2d658588aecf543e334b3c9559260f25
- Size: 391KB
- Sample: 220521-n8dx1segf5
- MD5: 909858b6c9cc72eff1afa0b8322010ca
- SHA1: 60ec3805c0510f7117fa0c6b1222bacfb583ed42
- SHA256: 4e9235c8c805d240c9aa6a7731214e0e2d658588aecf543e334b3c9559260f25
- SHA512: bcb7a56d11c22677a8d0bdc8c61c1cc672c87b1226c3e77f17314902000dc005c63318b5698826569501d3fa4f2d1b9fab5e2855cfa3c623ad5430001debd52e
Static task: static1
Behavioral task: behavioral1
- Sample: DHL_overdue account letter.PDF.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: DHL_overdue account letter.PDF.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.microtechlab.in
- Port: 587
- Username: reports@microtechlab.in
- Password: pune@123
Targets
- Target: DHL_overdue account letter.PDF.exe
- Size: 424KB
- MD5: f0b3e2a7cef0d4e0c6e094676550221a
- SHA1: fc8cddcf6526cd3ee94141b6299c7069ad1b19b0
- SHA256: 6ae9b8c271b5110c7cceb8b7d39522dd8d444dddcfa3691726ff3580562a73b7
- SHA512: 3a0f6d6e979871ecdf4cce66e63674ecd32568f0d45f91448b0bb986fccbbf3173734f992d6c0add58c5437fd048e36c4b00bd8efcbcf5c161b35b8c7e26178a
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext