General
- Target: f053fa83a9d982f93a0c66679548003022114134fd1768cadc8ee49fa7f7764b
- Size: 422KB
- Sample: 220521-n8sq6saabq
- MD5: 1a64c47cb5bc0d6921afbd3ab8b4bc35
- SHA1: 017f786a9fd6a231fc14ecc30be9c4e3461f1a48
- SHA256: f053fa83a9d982f93a0c66679548003022114134fd1768cadc8ee49fa7f7764b
- SHA512: fb90837a1f31144bf98826b7507b7e879dad972e3b031dd1ef0b02e1090cd56db1b5beabed780bb3625bd5590cec3d82d7970ffba5e5cfa89eb939b8301d1d58
Static task: static1

Behavioral task: behavioral1
- Sample: نسخة الدفع. pdf.exe
- Resource: win7-20220414-en

Behavioral task: behavioral2
- Sample: نسخة الدفع. pdf.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: vikash12345
Targets
- Target: نسخة الدفع. pdf.exe
- Size: 497KB
- MD5: f3823acd3e8a4dcf21da8c206e13f257
- SHA1: 98f1a9eff1ad1e2f274ac4100e6670f2e95431c6
- SHA256: c315112980543e9046f7b3167586d3a5ba25734aac85679542adaca7867f3ef7
- SHA512: 702423cebf17f43925e50244c7caf3255472715caa7f1cb15dfe25dd81da5d6788fcd1bd4aa8f7771821f5ceb0305612f0a0d370b7bb2432349c2bc1a53c2212
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext