General
Target: 511911c49fabf8c4744bfb6d9f3003d23583f3e153ed34ebff332d455beaa8a7
Size: 434KB
Sample: 220521-pxalwsgbb5
MD5: 5b64fe86bc33211f473983d4616566e3
SHA1: 2b9b2471a446c2a5e054b7ed6fd17daac765e9bb
SHA256: 511911c49fabf8c4744bfb6d9f3003d23583f3e153ed34ebff332d455beaa8a7
SHA512: f0e116a4715199f5c7772693ba23a92a85036b1d59aaf2718eb0ef25a344f0b345488253d8c9dcd453fefc51b695c0f945ec5024a55ed41a7499205ad7283852
Static task: static1

Behavioral task: behavioral1
Sample: cotización.PDF________________________.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: cotización.PDF________________________.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: kelvinjohnmoore25@yandex.com
Password: ezesundayngma
Targets
Target: cotización.PDF________________________.exe
Size: 527KB
MD5: e73d435515fa8765d7a2992758ad2ef9
SHA1: 277c4e77aabffda266061e0a18f3017bd77a9e71
SHA256: e1cc292b3eb8e646e0c778966a3150d2f278e1394059cf31106301bb003d273f
SHA512: a833faf13c4536bffe2c1009d9bbc2185de55737445281bc3d909e231fff27573ce88bfb7412a1eb6c15b2a396a8cef1b5cfdb8e4c9006f2699bd46ca80f8c52
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext