General
Target: updated SOA.pdf.exe
Size: 705KB
Sample: 230329-hrha8agg8s
MD5: 72b566a19405295457438c5373f2e91c
SHA1: bc3ea0e5fb136dfc33d7442fd191439501b55303
SHA256: 0543d3e6b17798c68a8f2442b5d2bc1a2407dbdabd0c82ba7c8ddcde3488f662
SHA512: 9e241b12f6d2b08450966ec9162e0a241d71469a2527d2dcc65e04b47c5772f3136dbb2a1482413bddd0a022f9155e5cef7a1c48aa8fb4d7a620c5f5d23a8c87
SSDEEP: 12288:nzveLTgNGSD7QK8oX97/kBPB/SyXEROFIA/DLRPbnf7+mWc1:ze/MMZU9Tu5qydFN9Tf7+Jc
Static task: static1
Behavioral task: behavioral1
Sample: updated SOA.pdf.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: updated SOA.pdf.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted family: agenttesla
Extracted URL: https://api.telegram.org/bot1644755040:AAGRTnph6BdO8-t1bJaOyVu9aeuJErmisqs/
Targets
Target: updated SOA.pdf.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext