General
- Target: 241d82b94453c2b5e9603c47ece0ef95e0e4344bfad3297dbf9cbec61dc7f53c
- Size: 341KB
- Sample: 220521-pyhc5abdfr
- MD5: d94f13b0fe7b92d75942462ff84d7207
- SHA1: 22f1d95ad52246d791fab229294e38fc984d8c74
- SHA256: 241d82b94453c2b5e9603c47ece0ef95e0e4344bfad3297dbf9cbec61dc7f53c
- SHA512: a78e2423f553a115d2b528383771dc6a8a19086bc196350ed95a46956b5d3d24a8714d6b4cdd26a6acbb6fe76b923b9d0425c8da1c180ae58e44406f7ae577f3
Static task: static1
Behavioral task: behavioral1
- Sample: Invoice UT05-222546.pdf.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Invoice UT05-222546.pdf.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.ahrass.com
- Port: 587
- Username: mohamedadjal@ahrass.com
- Password: chukwuma22
Targets
- Target: Invoice UT05-222546.pdf.exe
- Size: 360KB
- MD5: b76512014f74e255d5fa3bd144090baf
- SHA1: 19e3bd57858eea5e1904f379f5683243e39fbaed
- SHA256: 6de0a133506d6df141e56bf1f834c3028c31809a056f7bb97d76c9199c5823b7
- SHA512: 5c5d3757ebdb6bdd86d1de031889e788ea480c178e3e2959e314c1983a6f0da0eca698e384a70a616e7147cf1d3a406df7d615d84965b0b8d6a04069e438e4f3
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext