General
Target: 3bb19d199fff596129f516833a34d060289387b11296c642f089282dc0c0e1e4
Size: 1.0MB
Sample: 220521-pxzk1sbdek
MD5: cdea2db65aae814621336d740aa92924
SHA1: c6714c72354633c08595eddb6f010c1035f825bf
SHA256: 3bb19d199fff596129f516833a34d060289387b11296c642f089282dc0c0e1e4
SHA512: 0cacfdd12126c9dee62bcdcadea631fb4b299831f86648e84a9a940b788481dfdc2d28da4e6a8ebdfe5d6168906ad786bea6aa06e46614ca9c9aa4f66bd71676
Static task: static1
Behavioral task: behavioral1
- Sample: scan08312020.pdf .......exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: scan08312020.pdf .......exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.ru
- Port: 587
- Username: miss.vostrickova2016@yandex.ru
- Password: 3232908
Targets
Target: scan08312020.pdf .......exe
Size: 1.1MB
MD5: f13581b27fd5fc2225e0f62fae689970
SHA1: 45739ac5a6a20d63b281e20a088214e3589020d5
SHA256: 92bb0317bc220657af5e88c2382bb04150052319693a2ed90616bf65ff44467a
SHA512: 9029fd8335f393ccd69b75871c61672d23af7a9f8fb77a14c68b00842d1a4822d2a7c3f9495026fac55a432f08b1c1b826f7a2145ad662aa1c1f7000b7ce98ea
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext