General
Target: e849cc3b6671fabe1b86826bab3733471852146450ae864ec3388934058b9186
Size: 343KB
Sample: 220521-prr9rafhd3
MD5: 256e1bc435e39c38a6e8abc7da99c672
SHA1: 50a7a91c110a413262d293968899c5c13d9bf98a
SHA256: e849cc3b6671fabe1b86826bab3733471852146450ae864ec3388934058b9186
SHA512: 5785f6a6547b3110703a73aad12d31e56832b63d25d4b43a526c8057b5b083ce3367f9f39a35541e197727cd05bedd4817979d28a90dbc1dcaacaf8f51033ca8
Static task: static1
Behavioral task: behavioral1
  Sample: overdue invoice.pdf..exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: overdue invoice.pdf..exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.matrixas.in
  Port: 587
  Username: info@matrixas.in
  Password: info2013
Targets
Target: overdue invoice.pdf..exe
Size: 477KB
MD5: 537a301639cd7a30decb3a30ba6c69f3
SHA1: 98143feaad259bdb73a097d7a12f383ec02bdf3f
SHA256: 30fe842b10902c8ef83f5de74a6ad0987b391a318f4254ab5a276ab89175b28d
SHA512: 829120bebd1a7d38ddf41ea43fc787f2513f0b2b25a59e6c968bd615af4434d0981941fc71ffab5a6bfc875fd84f18d5be0c9713f7170edbf1386742d1b8ab09
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
  Looks up the country code configured in the registry; likely a geofence check.
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext