General
Target: 1489521207b240fd4462b9937f2590bb2c4a61d228b246fb80e84e6196758a2d
Size: 387KB
Sample: 220521-pn3lbaffh8
MD5: ab5342fbc983807f170fec893ffcecc6
SHA1: 5e52f83231b6c354c2981be40702ea2bb711e0aa
SHA256: 1489521207b240fd4462b9937f2590bb2c4a61d228b246fb80e84e6196758a2d
SHA512: df516e570aed0cb8f43594f440486d3d1bde1608a195de056d2c3441b0a4f1420e4fc60e83827ad524ef6c3b7e38c775d54d10d10c17f492a332c94b97e689d2
Static task: static1
Behavioral task: behavioral1
Sample: DOC.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: DOC.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.mytecheng.com
Port: 587
Username: services@mytecheng.com
Password: Pakistan@321
Targets
Target: DOC.exe
Size: 421KB
MD5: 1a686ae23aa093aaa8df66976f9c5a80
SHA1: f4d09430ff28c32189a81ffb97dfcb5501ab5cbb
SHA256: 09d29a5604548a4d0fafd678d658d78ca9cd38121159b4abc55fed249bc08c06
SHA512: e1ce657e3988ab09e27518749c303652f0307499421bd6b09b6bc4a0fd9c5b1ce19baebbaa7bf43259cc48ee6a52b5d4baaa72b20e130e85b68bde81933d23d3
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Drops file in Drivers directory
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext