General
- Target: 20523884db1447831df6ac98ca2d9daf20afdb3b8bfd864df6a89c939fdff479
- Size: 700KB
- Sample: 220521-ns9praeba2
- MD5: 2d1bcf91c03789b7ceb6cb78e1bee0b8
- SHA1: 167a4cd0151444a9de4577ee3563efe1785d8e8a
- SHA256: 20523884db1447831df6ac98ca2d9daf20afdb3b8bfd864df6a89c939fdff479
- SHA512: 8fc6be04155558559e2ab65be247cd0430e1942626c1afb8f7443f7d688796c747a8d76788e1efc41dec8367ad046af5ddec3c3ad0bcc1e776dea2d225a4fa0f
Static task
- static1
Behavioral task
- behavioral1
  - Sample: PO#080720_pdf.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: PO#080720_pdf.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.skysponder.com
- Port: 587
- Username: fvrblssd@skysponder.com
- Password: yes@@@yes
Targets
- Target: PO#080720_pdf.exe
- Size: 1.1MB
- MD5: 33207be99a4d70202963b1ce09f503dd
- SHA1: 36df4205defc8f9903bdbda8ad77eabffefcf01c
- SHA256: 3315958fc5d16e16e78d1c4023a797b38b1246552ca148255bfd0124cec0c771
- SHA512: adba0d41dd9fe97d6ceb86fd064c6a44443569904ada416662f26961a5b4db14971844e1594ed7fbab2956d86c26ee293f9cfd2c6469ffcda7a211828016c347
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext