General
Target: 12dad5ac22b67b339da8b380d48e8f570bc2ab68b7676d13ae68256cc53340df
Size: 496KB
Sample: 220521-nhtwjsghdk
MD5: 8706a67b47f883bf71b759c11d6c17e0
SHA1: 6ff8e64defbd8b23785cd84cab32810ed3dbd3f6
SHA256: 12dad5ac22b67b339da8b380d48e8f570bc2ab68b7676d13ae68256cc53340df
SHA512: bd8f7037a92cb7a98ed90dd24664fe425ef91800de0c662af14191287ede6cc4a7d390f2f296e037a969626cd468b26beb011591c8c8bae6a5927e5a067feeb5
Static task: static1
Behavioral task: behavioral1
  Sample: pdf_drawing.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: pdf_drawing.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.itdone.cz
  Port: 587
  Username: testovaci@itdone.cz
  Password: viObavejMa
Targets
Target: pdf_drawing.exe
Size: 435KB
MD5: f8e2dac595a50205cdcb0bd573d1fe3f
SHA1: 52498f99d5feaa54dca65aacc6914f3b04c02328
SHA256: 7107a54ff6d4a11d21530a533c37b00ddc423fa00b7c7ae40c74970027715bf8
SHA512: d295e321c058785690b8b9e637e1cc39d2186c1e464d99359d75842d53941f8e461878141c8d91a55b0dfc1b2d393658611883dc5e56eb1006437dd4a8d2c058
Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext