General
Target: 324a405fb54f6795f05ac47bfae5694675f80e159244b7dc8c59bf4a92dd66e0
Size: 522KB
Sample: 220620-h8f5gsadbp
MD5: 9884515f38cd33b0457e2e5794fcdd30
SHA1: bc6660eb5e2253be19e9dc7cbbe55c12385e559a
SHA256: 324a405fb54f6795f05ac47bfae5694675f80e159244b7dc8c59bf4a92dd66e0
SHA512: 8ce13108ff7d8b450a9f5b01b2fc1aa59ddcd71f56cc41faedda64bc481e8409d5117237ee03fe53b77e80a8349eae42e5c4182622b248be516d1a43c9493fa2
Static task: static1
Behavioral task: behavioral1
Sample: BANK ACCOUNT DETAILS ATTACHED (wrong ) pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: BANK ACCOUNT DETAILS ATTACHED (wrong ) pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.asplparts.com
Port: 587
Username: sales@asplparts.com
Password: f3nu6R4lH
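The extracted configuration is the sample's exfiltration channel: harvested credentials are mailed out through the listed SMTP submission account. Added example, not part of the sandbox report: the script below parses the report's flattened "Key: value - Key: value" config block into a structured dictionary, derives the network observables a defender can hunt for (host, port and the mailbox used for AUTH), and runs them over a handful of constructed key=value log lines. The log format, the client and server addresses (documentation-range placeholders, not real resolutions of the host) and the APPROVED_MAIL_RELAYS allow-list are all assumptions made for the example.

```python
import re
from typing import Dict, List

# The SMTP configuration exactly as the report presents it (page text, verbatim;
# extraction ran the fields together across lines).
REPORT_CONFIG = """Protocol: smtp- Host:
mail.asplparts.com - Port:
587 - Username:
sales@asplparts.com - Password:
f3nu6R4lH"""

# "Key: value - Key: value" pairs. The first separator in the report is "smtp-"
# with no space before the dash, so the split is anchored on the whitespace and
# the "Key:" that follow the dash rather than on the space before it.
FIELD_RE = re.compile(r"(\w+):\s*(.*?)\s*(?:-\s+(?=\w+:)|$)")


def parse_config(text: str) -> Dict[str, str]:
    """Normalise the flattened report block into a lower-cased key/value dict."""
    flat = " ".join(text.split())
    cfg = {k.lower(): v for k, v in FIELD_RE.findall(flat)}
    for required in ("protocol", "host", "port", "username"):
        if required not in cfg:
            raise ValueError(f"config missing field: {required}")
    cfg["port"] = str(int(cfg["port"]))  # fail loudly on a non-numeric port
    return cfg


def indicators(cfg: Dict[str, str]) -> Dict[str, str]:
    """Observables worth hunting for on the network. The password is deliberately
    not an indicator: after STARTTLS it never appears in cleartext on the wire,
    and its only operational use is reporting the compromised mailbox."""
    return {
        "host": cfg["host"].lower(),
        "port": cfg["port"],
        "user": cfg["username"].lower(),
    }


# Constructed log lines (assumed key=value shape, not from the report). 10.0.0.x
# are assumed internal clients; 203.0.113.10 and 198.51.100.x are placeholders.
SAMPLE_LOG = [
    "ts=2022-06-20T10:15:01Z type=dns src=10.0.0.5 query=mail.asplparts.com",
    "ts=2022-06-20T10:15:02Z type=conn src=10.0.0.5 dst=203.0.113.10 dport=587 service=smtp",
    "ts=2022-06-20T10:15:03Z type=smtp src=10.0.0.5 dst=203.0.113.10 helo=DESKTOP-1 user=sales@asplparts.com",
    "ts=2022-06-20T10:16:00Z type=conn src=10.0.0.7 dst=198.51.100.20 dport=443 service=ssl",
    "ts=2022-06-20T10:17:00Z type=smtp src=10.0.0.9 dst=198.51.100.25 helo=mx1 user=alice@corp.example",
]

# Assumed allow-list: the only internal hosts expected to open outbound SMTP
# submission sessions (port 587) themselves.
APPROVED_MAIL_RELAYS = {"10.0.0.9"}

KV_RE = re.compile(r"(\w+)=(\S+)")


def match_log(lines: List[str], ioc: Dict[str, str]) -> List[str]:
    """Return the lines that touch the exfil channel: a DNS lookup of the
    configured host, an SMTP session authenticating as the stolen mailbox, or
    an SMTP submission session to the configured port from a host that is not
    an approved relay (the last rule catches a config with a rotated host)."""
    hits: List[str] = []
    for line in lines:
        f = dict(KV_RE.findall(line))
        kind = f.get("type")
        if kind == "dns" and f.get("query", "").lower() == ioc["host"]:
            hits.append(line)
        elif kind == "smtp" and f.get("user", "").lower() == ioc["user"]:
            hits.append(line)
        elif (kind == "conn" and f.get("dport") == ioc["port"]
              and f.get("service") == "smtp"
              and f.get("src") not in APPROVED_MAIL_RELAYS):
            hits.append(line)
    return hits


if __name__ == "__main__":
    ioc = indicators(parse_config(REPORT_CONFIG))
    for hit in match_log(SAMPLE_LOG, ioc):
        print("EXFIL?", hit)
```

In the constructed log only the three lines from 10.0.0.5 match: the lookup of the configured host, the submission session on 587, and the AUTH as the listed mailbox. The third rule is the one that survives a config change, since Agent Tesla operators rotate mailboxes far more often than they change the exfil protocol; the mailbox itself should be reported to the hosting provider as compromised rather than relied on as a long-lived indicator.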
Targets
Target: BANK ACCOUNT DETAILS ATTACHED (wrong ) pdf.exe
Size: 717KB
MD5: d82a7a301463ac0bf19630aadcfa16c6
SHA1: deb2dbb58b6ecfb25cc68c96a1bcfffff34b1bcb
SHA256: 062ee3b51efe7baf8428abbd041c7f4dcaa8e59c5707505c144f8dbd92dc68c5
SHA512: 735dacc4993f641790aa9d741c6f4a6b1201f9fe124658c05bb4dcd07d6cd11e9a0e8b6777e55207aacdb3a24b5a2c67e4a6ab5e455f1cb5f941f7ca2f55862f
AgentTesla
Agent Tesla is an information-stealing remote access tool (RAT) written in Visual Basic .NET. It harvests saved credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP or HTTP, which is why the extracted configuration for this sample is a mail account.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check that decides whether the payload runs.
Accesses Microsoft Outlook profiles
Reads the Outlook profile keys in the registry, where saved mail account settings and credentials are stored.
Suspicious use of SetThreadContext
Overwriting another thread's context is the usual final step of process hollowing: a payload is written into a suspended process and the thread's entry point is redirected to it before the thread is resumed.