General
- Target: b17e4332096c690189b2281ca1c414f07109be3779e5262c538ae28f58f45884
- Size: 366KB
- Sample: 220521-ptnz4sgab5
- MD5: 0104900d9107296dc2ea1944b3534e9f
- SHA1: b3265b188c27e52c4003c6cb74feb0f99f4eb0a3
- SHA256: b17e4332096c690189b2281ca1c414f07109be3779e5262c538ae28f58f45884
- SHA512: 43f93814fb194366ef04e1f8219307cff956522ee98b600331e8d77d2fefd052d494f3e8e39dde9cbef12cbceebc1babf91fba6ddc9ec3be50581252acb62021
Static task: static1
Behavioral task: behavioral1
- Sample: SOA.PDF.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: SOA.PDF.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.microtechlab.in
- Port: 587
- Username: reports@microtechlab.in
- Password: pune@123
Targets
- Target: SOA.PDF.exe
- Size: 385KB
- MD5: a08a2bda9c51b2d5ca1e38435629cacc
- SHA1: 46107a6be4613e6c2d1f9e08af63de089417ea10
- SHA256: 6f4d9739f62d219787f6de178ab8f5fb29f317cac258c567d8d51cddea7aa4ac
- SHA512: d3be87d66877a4cf71f2edccd0863c180630b979214c40170fa5585a878f5ea32efa2c10fbd7f6129362b672230978af32f9618cd71a69be3f087f3b56aaf411
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext