General
-
Target
7a7e2a413b9ef82df28db3a4beabd9921a834228288eeb4035f1a45ecb36f3b5
-
Size
497KB
-
Sample
220521-pjskjsfdf5
-
MD5
acc5d81824272a312d40e29b30e259fd
-
SHA1
ad001625071eeeb188a2363106c2a9c6a7140961
-
SHA256
7a7e2a413b9ef82df28db3a4beabd9921a834228288eeb4035f1a45ecb36f3b5
-
SHA512
c77bf6cdff8b67760d634285096c91002a9290f4fc3ab0f2431544206fcc56459e56a74a5ed38c6f4edd3f71ac35eb4fe99cc7cf2c678c868209217b114147cc
Static task
static1
Behavioral task
behavioral1
Sample
DOCUMENTS.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
DOCUMENTS.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.microtechlab.in
Port: 587
Username: reports@microtechlab.in
Password: pune@123
Targets
-
Target
DOCUMENTS.exe
-
Size
606KB
-
MD5
acf124579e7f180928628d6b02701dbf
-
SHA1
35e410ca0183d5a026ff6418e82bf722d76b58c2
-
SHA256
3f33e7bde9dcaafa436e0cb2e267371768115ea14de2a9860cefa74af71e9155
-
SHA512
6572acf3bd665f6eb55956d9226b0057f49c1b8244888c1d2cc0be850ed4a06436d77e482d781e963b6eaf97e5fe4000c6c80a90ad23b30656e2e34ee8df44f8
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET. The configuration extracted above shows this build exfiltrating over SMTP to mail.microtechlab.in:587 with the listed account.
-
AgentTesla Payload
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up the country code configured in the registry, most likely as a geofence check so the sample can behave differently (or exit) depending on the victim's locale.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread that belongs to another process is a common step in process hollowing and other code injection.
-
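The hashes, SMTP exfiltration endpoint and behavioural signatures above are exactly what a SOC would turn into hunting logic. The following is an added example, not part of the sandbox output or of Agent Tesla, showing one way to do that over host and network telemetry. The event schema and the SAMPLE_EVENTS list are constructed for the example; the DisableTaskMgr and Run key paths are the standard Windows locations, while the Geo\Nation key for the "Checks computer location settings" signature is an assumption, since the report names the behaviour but not the key.

```python
"""Hunt for the indicators in this sandbox report across host and network
telemetry. Added example; not sandbox output and not the malware's code."""
import hashlib
import re

# Indicators copied from the report above.
SMTP_C2_HOST = "mail.microtechlab.in"
SMTP_C2_PORT = 587
PAYLOAD_SHA256 = "3f33e7bde9dcaafa436e0cb2e267371768115ea14de2a9860cefa74af71e9155"

# Registry rules mapped to the report's behavioural signatures:
# (signature, operation, key regex, required value or None).
# The Geo\Nation path is an assumption: the report only states that the
# sample looks up the configured country code.
REGISTRY_RULES = [
    ("Disables Task Manager via registry modification", "set",
     re.compile(r"\\Policies\\System\\DisableTaskMgr$", re.I), "1"),
    ("Adds Run key to start application", "set",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I), None),
    ("Checks computer location settings", "query",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I), None),
]


def matches_report_hash(data: bytes) -> bool:
    """True if the given file contents are the DOCUMENTS.exe payload above."""
    return hashlib.sha256(data).hexdigest() == PAYLOAD_SHA256


def match_registry(ev):
    """Return the report signature a registry event corresponds to, or None."""
    for sig, op, key_re, want in REGISTRY_RULES:
        if ev["op"] != op or not key_re.search(ev["key"]):
            continue
        if want is not None and str(ev.get("value")) != want:
            continue
        return sig
    return None


def match_network(ev):
    """Flag connections to the SMTP server from the extracted config."""
    if ev["dst_host"].lower() == SMTP_C2_HOST and ev["dst_port"] == SMTP_C2_PORT:
        return "Connects to AgentTesla SMTP exfiltration server"
    return None


def match_api(ev):
    """SetThreadContext on another process's thread is the hollowing pattern."""
    if ev["api"] == "SetThreadContext" and ev["target_pid"] != ev["pid"]:
        return "Suspicious use of SetThreadContext"
    return None


MATCHERS = {"registry": match_registry, "network": match_network, "api": match_api}


def hunt(events):
    """Return (process, signature) pairs for every event that hits a rule."""
    hits = []
    for ev in events:
        sig = MATCHERS.get(ev["type"], lambda e: None)(ev)
        if sig:
            hits.append((ev["proc"], sig))
    return hits


# Constructed telemetry (not sandbox output) in a Sysmon-like shape.
SAMPLE_EVENTS = [
    {"type": "registry", "proc": "DOCUMENTS.exe", "pid": 1234, "op": "set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "value": 1},
    {"type": "registry", "proc": "DOCUMENTS.exe", "pid": 1234, "op": "set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\DOCUMENTS",
     "value": r"C:\Users\user\AppData\Roaming\DOCUMENTS.exe"},
    {"type": "registry", "proc": "DOCUMENTS.exe", "pid": 1234, "op": "query",
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    # Benign: explorer reading (not writing) a Run value must not fire.
    {"type": "registry", "proc": "explorer.exe", "pid": 900, "op": "query",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"},
    {"type": "api", "proc": "DOCUMENTS.exe", "pid": 1234,
     "api": "SetThreadContext", "target_pid": 1300},
    {"type": "network", "proc": "DOCUMENTS.exe", "pid": 1300,
     "dst_host": "mail.microtechlab.in", "dst_port": 587},
    # Benign: a real mail client submitting to a legitimate server on 587.
    {"type": "network", "proc": "outlook.exe", "pid": 2000,
     "dst_host": "smtp.office365.com", "dst_port": 587},
]

if __name__ == "__main__":
    for proc, sig in hunt(SAMPLE_EVENTS):
        print(f"{proc}: {sig}")
```

The Run key rule only fires on writes, and the network rule is keyed to the extracted host rather than to port 587 alone, so ordinary mail clients and registry reads stay quiet; in a real deployment the SMTP rule would be widened to any SMTP submission from a process that is not a known mail client.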