General
- Target: f2143e0aec246f899c07647a87f757add230325e6bc2967ad72eddb4e10ad90c
- Size: 353KB
- Sample: 220521-pdwd9aacfr
- MD5: b83c8868102c2f2e6ab9f2dcc344221f
- SHA1: fde71515880c585a9cfc9e34813e872167eff9dc
- SHA256: f2143e0aec246f899c07647a87f757add230325e6bc2967ad72eddb4e10ad90c
- SHA512: e5a9c3e7cb099fcd0f2c5edbef3d75c1b45df37dd0b6c5e5a5aaf2fc2f5cf9bb57d9ce41df413493fb7ec39cb4ff39d0eda0eeb24d123d344c31173a6eb9170e
Static task: static1
Behavioral task: behavioral1
- Sample: Invoice09080000pdf.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Invoice09080000pdf.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: smtp.ionos.mx
- Port: 587
- Username: lety@solar-pro.mx
- Password: lp475869
Targets
- Target: Invoice09080000pdf.exe
- Size: 488KB
- MD5: 067d54aa6365b5989cbf6101f7e123fc
- SHA1: 5256dcea0fb8c3a455dacfc88850910b87f236f3
- SHA256: a95bb180b0d9bb5f2a3b7974f8170fb18b6979a46cacfa352d769eccf428ebdf
- SHA512: 887331910739fd91be9c254ee59d877d01d444e07743f3e98f3fdfb27f63d90fcd1eb2527440060f36f691d727b5070ab5f8cf6853f866eefc8723caed13a3de
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext