General
Target: 4ba08b06b7760d9beef94dbebfdde2dc3e843d32a9c85c065c03e0d3b54a6d2d
Size: 407KB
Sample: 220712-laarlabgbq
MD5: 1f29b648560693e3323330b527514b23
SHA1: c8f52e2e224008eae036efa5a4612648912bf633
SHA256: 4ba08b06b7760d9beef94dbebfdde2dc3e843d32a9c85c065c03e0d3b54a6d2d
SHA512: fc5218db77e37b1512f773214c8ceea791557f3510be8e1366b6440eba6115295dd9d1f3c2fc9545b0f2fdd75dd7d9ffd0b93e6e917d00d0b25649aaefb6a89c
Static task: static1
Behavioral task: behavioral1
Sample: Payment Advice.pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Payment Advice.pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.ahrass.com
Port: 587
Username: mohamedadjal@ahrass.com
Password: chukwuma22
Targets
Target: Payment Advice.pdf.exe
Size: 446KB
MD5: 4e535cb9880c4b6fafdebd62807332bc
SHA1: b04240386fa709a704c81624fd701b48b140cb05
SHA256: b52f9b733eb56a683997312b04b2b38ed53cc224211e5b9a5b5b72b93d75ad79
SHA512: dbf1725772107d2a2d714017985213aad0303bed516a85e692e57c34f6ce7a2ecbbc29a7a2c0fa383fa156f67a3711ffed5fa3cab27d7b0bb0e6d11d245e743e
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext