General
- Target: dc5688e382c2b6703dac78213f9ef156b2be33ee44aa3bc724a3858b9517677e
- Size: 401KB
- Sample: 220521-xl4dtsfchj
- MD5: 44f80c62b4958cc95860224850f1a21f
- SHA1: 4ebfa4fd6372b5d19cbe566cca1543efe1e08e08
- SHA256: dc5688e382c2b6703dac78213f9ef156b2be33ee44aa3bc724a3858b9517677e
- SHA512: 812b9dd03852ed055e4ee2bb962ad67c2a6d74fd6c3570977b6f3124855869094e7f9132ee56a195ae78948db9959a771e6e860fbb60b9634737b7cd127cafd2

Static task
- static1

Behavioral task
- behavioral1
  - Sample: SSCN_12462020pdf.exe
  - Resource: win7-20220414-en

Behavioral task
- behavioral2
  - Sample: SSCN_12462020pdf.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: secure231.servconfig.com
- Port: 587
- Username: info@eltaef.com
- Password: eltaefSH6548883
Targets
- Target: SSCN_12462020pdf.exe
- Size: 444KB
- MD5: 33d17dffd1221cd066f45811323b44b1
- SHA1: 4412bb573391d3466ba49d0d0451d0bb73b245c8
- SHA256: ba2937327a241e543cddc12d8c1648db557d5408cc4fe8d06a5261d2d96896ca
- SHA512: b7f6c51325171a8d3d6b89c07ebf6715f74ba4fa19bd62f781719c540494a18c0c659301957b34c6bce4ea5f7cf837fe6f299d7a56d8f97e2cc54bd62b3ae8dd

- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext