General
Target: b92feb510c36837038c44d8ab317c2ea5634013cfb07b3ae1ef715ee5f17df58
Size: 366KB
Sample: 220521-ps8m5abbgl
MD5: b2922b85e9d15a3b573d008425e30fe4
SHA1: 12ca2f6d516bb5363b5e40fa05a8dad12eaeccdf
SHA256: b92feb510c36837038c44d8ab317c2ea5634013cfb07b3ae1ef715ee5f17df58
SHA512: 754087d92e5ac7bd5039a01a2d1ed40631eeef29dbf0388214931239e384e0b4f0fae0f330bc26a9129f810a0bea99d5b7bc186953b1948f83f1ec5d2d329801
Static task: static1
Behavioral task: behavioral1
  Sample: SHIPPING DOCS _234372.PDF.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: SHIPPING DOCS _234372.PDF.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.microtechlab.in
Port: 587
Username: reports@microtechlab.in
Password: pune@123
This is the exfiltration channel embedded in the sample: harvested data is mailed out through the listed SMTP server with these credentials, so the host, port and mailbox are the network indicators to pivot on.
Targets
Target: SHIPPING DOCS _234372.PDF.exe
Size: 385KB
MD5: a08a2bda9c51b2d5ca1e38435629cacc
SHA1: 46107a6be4613e6c2d1f9e08af63de089417ea10
SHA256: 6f4d9739f62d219787f6de178ab8f5fb29f317cac258c567d8d51cddea7aa4ac
SHA512: d3be87d66877a4cf71f2edccd0863c180630b979214c40170fa5585a878f5ea32efa2c10fbd7f6129362b672230978af32f9618cd71a69be3f087f3b56aaf411
Note that the size and hashes of this target differ from those of the submitted sample listed under General; keep both sets when matching files against this analysis.
AgentTesla
Agent Tesla is a .NET-based (originally Visual Basic .NET) credential stealer and keylogger with remote access tool (RAT) features.
AgentTesla Payload
Disables Task Manager via registry modification
Drops file in Drivers directory
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles (stored mail account credentials)
Adds Run key to start application (persistence)
Suspicious use of SetThreadContext (rewriting the thread context of another process is the usual process-hollowing step)
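Detection logic for the behaviour signatures listed above and for the SMTP exfiltration endpoint from the extracted config, as an added example in Python; it is not part of the sandbox report or of the malware. It runs over a constructed event trace in the shape of Sysmon/API-monitor records. The registry paths (the DisableTaskMgr policy value, Run/RunOnce, the Outlook profile keys, Control Panel\International\Geo\Nation) are the standard locations for these behaviours; the pids, the Run value name, the dropped file name and the benign noise events are assumptions made up for the example.

```python
import re

# Exfiltration endpoint taken from the report's extracted AgentTesla config.
C2_SMTP_HOST = "mail.microtechlab.in"
C2_SMTP_PORT = 587

# Registry and file locations behind the report's behaviour signatures.
TASKMGR_RE = re.compile(r"\\policies\\system\\disabletaskmgr$", re.I)
RUN_KEY_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\[^\\]+$", re.I)
OUTLOOK_RE = re.compile(
    r"\\(office\\\d+\.\d+\\outlook\\profiles|windows messaging subsystem\\profiles)\\",
    re.I)
GEO_RE = re.compile(r"\\control panel\\international\\geo\\nation$", re.I)
DRIVERS_RE = re.compile(r"\\system32\\drivers\\", re.I)
CONTEXT_APIS = {"SetThreadContext", "NtSetContextThread", "Wow64SetThreadContext"}


def _as_int(value):
    """Normalise registry data as logged: 1, "1", "0x00000001" or "DWORD (0x00000001)"."""
    if isinstance(value, int):
        return value
    m = re.search(r"0x[0-9a-f]+|\d+", str(value), re.I)
    if not m:
        return None
    tok = m.group(0)
    return int(tok, 16) if tok.lower().startswith("0x") else int(tok)


def classify(ev):
    """Return the signature names one event matches (empty list if none)."""
    hits = []
    kind = ev["type"]
    if kind == "reg_set":
        if TASKMGR_RE.search(ev["path"]) and _as_int(ev["data"]) == 1:
            hits.append("Disables Task Manager via registry modification")
        if RUN_KEY_RE.search(ev["path"]):
            hits.append("Adds Run key to start application")
    elif kind == "reg_read":
        if OUTLOOK_RE.search(ev["path"]):
            hits.append("Accesses Microsoft Outlook profiles")
        if GEO_RE.search(ev["path"]):
            hits.append("Checks computer location settings")
    elif kind == "file_create":
        if DRIVERS_RE.search(ev["path"]):
            hits.append("Drops file in Drivers directory")
    elif kind == "api_call":
        # Rewriting a thread context in a *different* process is the hollowing tell;
        # a debugger calling it on its own threads is not.
        if ev["api"] in CONTEXT_APIS and ev["target_pid"] != ev["pid"]:
            hits.append("Suspicious use of SetThreadContext")
    elif kind == "net_conn":
        if ev["dst_host"].lower() == C2_SMTP_HOST and ev["dst_port"] == C2_SMTP_PORT:
            hits.append("Connects to configured SMTP exfiltration host")
    return hits


def scan(events):
    """Group matching events by signature name, preserving event order."""
    report = {}
    for ev in events:
        for name in classify(ev):
            report.setdefault(name, []).append(ev)
    return report


# Constructed trace (assumption): the image name is the report's target; pids,
# the Run value name, the dropped file name and the benign events are made up.
IMG = "SHIPPING DOCS _234372.PDF.exe"
SAMPLE_EVENTS = [
    {"type": "reg_read", "image": IMG, "pid": 1234,
     "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "reg_set", "image": IMG, "pid": 1234, "data": "DWORD (0x00000001)",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr"},
    {"type": "reg_set", "image": IMG, "pid": 1234, "data": r"C:\Users\user\AppData\Roaming\svc.exe",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"},
    {"type": "file_create", "image": IMG, "pid": 1234,
     "path": r"C:\Windows\System32\drivers\drv.dat"},
    {"type": "reg_read", "image": IMG, "pid": 1234,
     "path": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002"},
    {"type": "api_call", "image": IMG, "pid": 1234, "api": "SetThreadContext", "target_pid": 1300},
    # The hollowed child (pid 1300) is the one that talks to the SMTP server.
    {"type": "net_conn", "image": IMG, "pid": 1300, "dst_host": "mail.microtechlab.in", "dst_port": 587},
    # Benign noise that must not fire.
    {"type": "reg_set", "image": "explorer.exe", "pid": 900, "data": 1,
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
    {"type": "api_call", "image": "dbg.exe", "pid": 950, "api": "SetThreadContext", "target_pid": 950},
    {"type": "net_conn", "image": "outlook.exe", "pid": 960, "dst_host": "smtp.office365.com", "dst_port": 587},
]

if __name__ == "__main__":
    for name, evs in scan(SAMPLE_EVENTS).items():
        print(f"{name}: {len(evs)} event(s), first from pid {evs[0]['pid']}")
```

The SMTP rule is deliberately exact on host and port: port 587 alone is far too noisy on a host with a mail client, and the DisableTaskMgr rule requires the value to be set to 1 so that a policy being cleared does not fire. Outlook profile reads are not logged by default Sysmon configurations; that rule assumes an API-level trace as the sandbox produced.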