General
- Target: 32dd0a80090ae3af8bd00fd8babf21fe4a769805e0ee4632114d50268bbd1127
- Size: 396KB
- Sample: 220521-pmzg9saggj
- MD5: 38454cd055ab7e4910151989822f91f6
- SHA1: d5b7a7acd86ae97e2d47f49229beefc8f5d000a3
- SHA256: 32dd0a80090ae3af8bd00fd8babf21fe4a769805e0ee4632114d50268bbd1127
- SHA512: efe5752e5383ae64b8118a97a57de0fc4483c1f55832a0ca79f6caf1b28efa2df179570d175672d92a846064722615fc8a86879576a60bfae7262b1b07d83615
Static task: static1
Behavioral task: behavioral1
- Sample: order 20- 0011718..exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: order 20- 0011718..exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.cpworldindia.com
- Port: 587
- Username: import.cs@ahd.cpworldindia.com
- Password: imprtcs@2019
Targets
- Target: order 20- 0011718..exe
- Size: 426KB
- MD5: 583a510813764348af0c5c3d2b6f9385
- SHA1: be80f78c782d612fca9128cdfefc9b324ae653eb
- SHA256: aec020a6546f4efe2d5766ae7e7da2816c11badee1879d37de7845538b03035b
- SHA512: b82acd5b8e864c0b83be494d88cd97f891cd1a5e47acbb5a425af353d3c9e7d868be10da0fd0c568de1e3478460be690ff0b648865b7f136983b434ce24fe32e
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext