General

Target: e7861511170c7f5a89f8f0cfaae07e18de6b631402a5176eba3328190a95e01e
Size: 380KB
Sample: 220521-n8wstsaack
MD5: 7fc963b7e6a1bf8b25b94db18227dcd6
SHA1: c77ba5724d7c0c30a2d975324f0e8c63a7dd315c
SHA256: e7861511170c7f5a89f8f0cfaae07e18de6b631402a5176eba3328190a95e01e
SHA512: 161e95759d404b04bb8faea9d7036e1532c9a72749b76dd2aa2c4bf8ea8c1688b92200c7dbfa0f5d968994fc56f175df538c1fc448a113886357134922613a9d
Static task: static1

Behavioral task: behavioral1
Sample: 1003829pdf.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 1003829pdf.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: webmail.saritatravels.com
Port: 587
Username: [email protected]
Password: sameerb%$321
Targets

Target: 1003829pdf.exe
Size: 437KB
MD5: 7bb2f96d596774d43bd8c6d1e7abd393
SHA1: ff937b7668be6f7a3730518dc3c0da55c3319651
SHA256: bd3217085dc8bc107e2b4937e89fee521d0f1489e35bbdbc0ee1e8be241f1773
SHA512: 1fa5581bd3938e7a5e2285d78b22ecdba5fac404811d9b1b745a1692b909d2a7641596e4f159d8ad1ee6a49c18b179aee95e0742579e6a6c8907fbc28ca21dc9
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Accesses Microsoft Outlook profiles

Drops file in System32 directory

Suspicious use of SetThreadContext