General
Target: 2f192a32d2b45bb6104607e955ad7034859a4f18a29ecd1107b119cc9c20094d
Size: 271KB
Sample: 220521-n97xgsabaj
MD5: 9ade9808ef050cd080896ece9d6ec5cc
SHA1: 78f4bb948fc2613174702a84c4fb737146bb81de
SHA256: 2f192a32d2b45bb6104607e955ad7034859a4f18a29ecd1107b119cc9c20094d
SHA512: a1f47de08292b70df5feb537de22aeff4dbd5bfb25b4a68a9eac0074190c94f6f856b09075940fd11659f95784b91e10d8902b25775204f84a908709cae8722b
Static task: static1
Behavioral task: behavioral1
  Sample: c.c auth,-confirmation #1307654780,pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: c.c auth,-confirmation #1307654780,pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.marketinfosales.com
  Port: 587
  Username: info@marketinfosales.com
  Password: QAZqaz123@
Targets
Target: c.c auth,-confirmation #1307654780,pdf.exe
Size: 389KB
MD5: e80514ca1a42e6f28fbd78b561883c2c
SHA1: 823c8f1ff7d961eb2a910af44d130997c76c01ce
SHA256: ac59fc8043fdbad6e5c65e7c9e34aaceffe49290761f5ff6befa5825a781bc27
SHA512: 7cc4c8a5ef724b8226a06662b7323cf9210637ccff800649bdea56df16e16fd8995926a9f624287c15b02b4678e173d3873ec87694d739a07c105f60da2a2a6b
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
  AgentTesla Payload
  Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  Drops startup file
  Suspicious use of SetThreadContext