General
Target: 996bfdb4638f325046e246becbdcf3e3c34c535d8691eb0cf9416a54fe6cdfee
Size: 527KB
Sample: 220521-xk1xbafcbm
MD5: 58e073999290be942975358867e5653a
SHA1: b943b2a30fcd8645fb0a6b2f4da24227b2b1c3e2
SHA256: 996bfdb4638f325046e246becbdcf3e3c34c535d8691eb0cf9416a54fe6cdfee
SHA512: b3a85a83e06ae8a659153814a9a989423c0d981e216bdccf7dd4361c9152be6114e19c925916e7f2c417ef15662b84fcdf3c41b741cbb2962f5a6421085f3543
Static task: static1
Behavioral task: behavioral1
Sample: order 2020.pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: order 2020.pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.bestinjectionmachines.com
Port: 587
Username: a.yassin@bestinjectionmachines.com
Password: @?w-%n6@l_sU
Targets
Target: order 2020.pdf.exe
Size: 664KB
MD5: d6661155f6b79ff949129321dd3505b6
SHA1: 9885295271aa315d70b5afbdad4e9d48b2d7c0c5
SHA256: 1eebe4346f9ef87b9be5bae1875e17097501a28a201e2cf500df658a3727b47b
SHA512: d4ed59e61ef5d9e718e2974a1b0896d50f22f6dfa39f990fe943a98b0648971f056bf0770999724e0fa28fa121c47ee6887c851e196c9dc60c6f88db042611b4
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext