General
-
Target
aebf756eccd8b61dc27f4e6fa7d3022a00d6caae256f0dd6885a6b952fc1d1c9
-
Size
373KB
-
Sample
220524-1cp2macfaq
-
MD5
116a7e4256100dd1238d8281674d145a
-
SHA1
26e9516b0219dc929e92275ec32cd14edfff6f20
-
SHA256
aebf756eccd8b61dc27f4e6fa7d3022a00d6caae256f0dd6885a6b952fc1d1c9
-
SHA512
0b51224be0554a0e5ac74e73938ba6ec36be878bbb0178af031b84d3f49b01875000696e427f74f076b8e59a8606b313ed8ca0bdb8a1d6b6387ecfd442f441a7
Static task
static1
Behavioral task
behavioral1
Sample
20892_8806983.pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
20892_8806983.pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.ahrass.com - Port:
587 - Username:
mohamedadjal@ahrass.com - Password:
chukwuma22
Targets
-
-
Target
20892_8806983.pdf.exe
-
Size
433KB
-
MD5
1a2c609e0f08fd8e06d78e4fe6c5602c
-
SHA1
05c72f54cc61ce4fcff09fd47d542c94300b671d
-
SHA256
f1c7c8d083966fdd7e796c0972b3542d0ac6b0188d2ba15d79359924915910f6
-
SHA512
cbb6bf3396bc8e7d4fe29574f4908102d419c3719d6956d3cc2d1112b585c8584a46ca5f0882f8d513855ca06d0080fd29aaef444662e074725bcb9c09ca345b
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-