General
Target: ac6e15c510c0cafcb1fa803876b7f0dd762d9146ed798a9fc292a41c2b2fb36a
Size: 378KB
Sample: 220521-pgvxwsaecq
MD5: 9fa11ce416b52621665418022409f4a4
SHA1: 601cf00cb66b591255940a5c0e0e7611d4dfbd11
SHA256: ac6e15c510c0cafcb1fa803876b7f0dd762d9146ed798a9fc292a41c2b2fb36a
SHA512: 954c39adb760fa7b622cd3ba11423511ccf89535fa9f2e12cbe623b15227ea3f0ad630d0e0c10a51c1fa18cd19e67b86c4fbb3edca8e5661fb95cf8f9a5bcef7
Static task: static1
Behavioral task: behavioral1
  Sample: 80120-DB000372 DATA-SHEET.PDF.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 80120-DB000372 DATA-SHEET.PDF.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.aquariuslogistics.com
Port: 587
Username: ajay@aquariuslogistics.com
Password: AQL@2019#$
Note: this is the exfiltration channel, not a C2 server. The stealer logs in to this mailbox over SMTP (port 587, normally upgraded to TLS via STARTTLS) and mails the harvested data out; the account is most likely a legitimate third-party mailbox whose credentials the operator obtained earlier, so the host and account are indicators to block and the password is something to report to the mailbox owner rather than to circulate.
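As an added example (not sandbox output or code from the Agent Tesla sample), the script below turns the extracted SMTP block above into structured data, redacts the mailbox password for a shareable indicator set, emits a Suricata rule (Suricata 5+ `dns.query` syntax) on the DNS lookup for the exfil host, and sweeps some constructed egress-log lines for internal hosts that contacted it. The report text is embedded exactly as the page renders it, separators and all; the log format and the rule SID are assumptions.

```python
"""Turn the extracted AgentTesla SMTP config into structured data, shareable
indicators and a detection rule. Added example, not sandbox output."""
import re
from dataclasses import asdict, dataclass

# Constructed input: the "Malware Config" block as the report page renders it,
# with the key/value pairs run together by text extraction.
REPORT_CONFIG = """Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.aquariuslogistics.com - Port:
587 - Username:
ajay@aquariuslogistics.com - Password:
AQL@2019#$"""

KEYS = ("Protocol", "Host", "Port", "Username", "Password")
# A value ends at the next " - Key:" separator (the hyphen may hug the previous
# value, as in "smtp- Host:") or at the end of the block.
_END = r"(?:-\s*(?:" + "|".join(KEYS) + r"):|$)"


@dataclass
class ExfilConfig:
    family: str
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(text: str) -> ExfilConfig:
    """Parse the flattened key/value block into a structured config."""
    body = " ".join(line.strip() for line in text.splitlines())
    family = "agenttesla" if "agenttesla" in body.lower() else "unknown"
    values = {}
    for key in KEYS:
        match = re.search(rf"{key}:\s*(.*?)\s*{_END}", body)
        if match is None:
            raise ValueError(f"extracted config has no {key} field")
        values[key.lower()] = match.group(1)
    return ExfilConfig(
        family=family,
        protocol=values["protocol"].lower(),
        host=values["host"].lower(),
        port=int(values["port"]),
        username=values["username"],
        password=values["password"],
    )


def shareable_indicators(cfg: ExfilConfig) -> dict:
    """Indicator set safe to circulate. The password is redacted: the mailbox
    belongs to a third party (typically a compromised account), so the
    credential is something to report to that party, not an IOC to publish."""
    indicators = asdict(cfg)
    indicators["password"] = "<redacted>"
    return indicators


def suricata_dns_rule(cfg: ExfilConfig, sid: int) -> str:
    """Suricata (5+ syntax) rule on the DNS lookup for the exfil host.
    SMTP on 587 normally upgrades to TLS via STARTTLS, so matching the
    hostname in DNS is more dependable than matching SMTP payload bytes."""
    return (
        f'alert dns $HOME_NET any -> any any (msg:"{cfg.family} exfil host '
        f'lookup {cfg.host}"; dns.query; content:"{cfg.host}"; nocase; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


# Constructed egress-log lines (not from the page) in a key=value form.
SAMPLE_LOGS = [
    "ts=2022-05-21T10:02:11Z src=10.0.0.12 dst=mail.aquariuslogistics.com dport=587 proto=smtp",
    "ts=2022-05-21T10:02:14Z src=10.0.0.12 dst=smtp.office365.com dport=587 proto=smtp",
    "ts=2022-05-21T10:03:01Z src=10.0.0.40 dst=mail.aquariuslogistics.com dport=25 proto=smtp",
]


def find_exfil_sources(log_lines, cfg: ExfilConfig) -> list:
    """Internal hosts that contacted the exfil server on any port. Matching on
    the host alone, not host+port, survives the operator changing ports."""
    sources = set()
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        if fields.get("dst", "").lower() == cfg.host:
            sources.add(fields["src"])
    return sorted(sources)


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    print(shareable_indicators(cfg))
    print(suricata_dns_rule(cfg, sid=9000001))
    print(find_exfil_sources(SAMPLE_LOGS, cfg))
```

The host match is deliberately port-agnostic: the second internal host in the constructed logs reaches the same mail server on port 25, which is still worth a look even though the config says 587.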
Targets
Target: 80120-DB000372 DATA-SHEET.PDF.exe
Size: 419KB
MD5: 4b5d862141ef73fa863e0d4efaf9325f
SHA1: 014bc77d51c332e3d4dd584a6d9083dd20001079
SHA256: 4625689b86b6899465896135d652868b259732b5a82b0645959384c66a35428a
SHA512: 36e6eec475ca3d82e1430d9ade252a0e867f68e0717bc0581126151f734f8f4ad226f9f13037b5e85e9a5022ee08e7b950c6ed9de1aabd8dd54b0abd01383678
Note: the filename uses a double extension (.PDF.exe) so that, with Explorer's default "hide extensions for known file types" setting, the executable appears as a PDF data sheet.
-
AgentTesla
Agent Tesla is an information stealer and remote access tool (RAT) written for the .NET framework. It harvests saved credentials, keystrokes and clipboard contents and sends them out over SMTP, FTP, HTTP or Telegram; this sample uses the SMTP account in the extracted config.

Signatures
- AgentTesla payload
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry (the Geo\Nation value under HKCU\Control Panel\International), likely a geofence that keeps the sample from running in particular countries.
- Accesses Microsoft Outlook profiles: reads the mail-account settings stored under the Outlook profile registry keys to harvest saved mail credentials.
- Adds Run key to start application: persistence through a value under the CurrentVersion\Run key, so the payload relaunches at logon.
- Suspicious use of SetThreadContext: consistent with process hollowing, where a process is started suspended, its image is replaced with the payload, and the main thread's context is redirected to the injected entry point before it is resumed.