General
-
Target
invoceI14711472.pdf.exe
-
Size
599KB
-
Sample
240326-qpqhtaeb7v
-
MD5
05fc8c317d930cb9a38241e2acd12b6b
-
SHA1
8ccb99e44aab813419f4a64d07bc05c7f40067fe
-
SHA256
9850d360aafb1897fa5452ba024d77062e3d55cd4f3985c0b85ab1f333678e9a
-
SHA512
56d0128c721ff4cc74033c1405eefa560bd3634aab24bd07b174d219aefdf6c8c294ed8e0194840e00974e5d77035bbca062053a2f8f7b23be00cf5046df04c8
-
SSDEEP
12288:aJH5uUobt6yZqiPuSaUQvud1mlTP9yYXkuXIxc4wJiQ8OxVHE0D:CobIyEiPuvUSuSd9yYXctcNxi0D
Static task
static1
Behavioral task
behavioral1
Sample
invoceI14711472.pdf.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
invoceI14711472.pdf.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
invoceI14711472.pdf.exe
Resource
win11-20240221-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
email.globeauto.in - Port:
587 - Username:
[email protected] - Password:
Mohali@@1# - Email To:
[email protected]
Targets
-
-
Target
invoceI14711472.pdf.exe
-
Size
599KB
-
MD5
05fc8c317d930cb9a38241e2acd12b6b
-
SHA1
8ccb99e44aab813419f4a64d07bc05c7f40067fe
-
SHA256
9850d360aafb1897fa5452ba024d77062e3d55cd4f3985c0b85ab1f333678e9a
-
SHA512
56d0128c721ff4cc74033c1405eefa560bd3634aab24bd07b174d219aefdf6c8c294ed8e0194840e00974e5d77035bbca062053a2f8f7b23be00cf5046df04c8
-
SSDEEP
12288:aJH5uUobt6yZqiPuSaUQvud1mlTP9yYXkuXIxc4wJiQ8OxVHE0D:CobIyEiPuvUSuSd9yYXctcNxi0D
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-