General
-
Target
53398258a220177c38d7c2772465b04abf1d5f76f5498bac47fcb4bb8a8497ce
-
Size
1.0MB
-
Sample
220521-pbv1psabgm
-
MD5
84fc9b2e219a1e95f95f1406c76decd3
-
SHA1
b71510a02066fb0cf632073ff2018b79133c6f26
-
SHA256
53398258a220177c38d7c2772465b04abf1d5f76f5498bac47fcb4bb8a8497ce
-
SHA512
29966dc48b4bbe169756d39f432e79502d3253a07aa4909a8ccaf115851d40abdd1cac8a0d7c49ccf9f608f7bf115dbfd105af3b9a32a4a284dbcbeab0744c20
Static task
static1
Behavioral task
behavioral1
Sample
Our company presentation~pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Our company presentation~pdf.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
Purchase Order~pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
Purchase Order~pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mapi.diplemailsrvr.com - Port:
587 - Username:
narayana@synpurelabs.com - Password:
Banachi@1974
Extracted
Protocol: smtp- Host:
mapi.diplemailsrvr.com - Port:
587 - Username:
narayana@synpurelabs.com - Password:
Banachi@1974
Targets
-
-
Target
Our company presentation~pdf.exe
-
Size
689KB
-
MD5
22c37e22bf539c843de4ccc764924f33
-
SHA1
d557a14aca121b534854bba8b7357bfd91d042c4
-
SHA256
094f6a9977aca85ca844fdab18035108dda8907b5c7b90416653a573e4e127b7
-
SHA512
11250880efd045016bf7c7fc74273e7b536ffae455da31d3137734c39cc81f7151dcf3a20ce9a1b8096949e28c88d7c646b25f524ce9d2ad9744ec48342abef1
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
-
-
Target
Purchase Order~pdf.exe
-
Size
689KB
-
MD5
22c37e22bf539c843de4ccc764924f33
-
SHA1
d557a14aca121b534854bba8b7357bfd91d042c4
-
SHA256
094f6a9977aca85ca844fdab18035108dda8907b5c7b90416653a573e4e127b7
-
SHA512
11250880efd045016bf7c7fc74273e7b536ffae455da31d3137734c39cc81f7151dcf3a20ce9a1b8096949e28c88d7c646b25f524ce9d2ad9744ec48342abef1
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-