General
-
Target
DHL-#AWB130501923096.pdf.exe
-
Size
568KB
-
Sample
200707-yq6pcbdcja
-
MD5
b70d92034cfc3f3015f270e306d6a1e5
-
SHA1
5281550bb31582b06cde9c9cbf11ba4c98fc1d03
-
SHA256
73a4e945a1c898ac6a48f8359785c4bd85a1e9af7423db4bd18149c428503cb2
-
SHA512
a17a0338f2789b04ad95afe7a4f80c1e812d8009376e2788da626dfe26a5f8bca17d115047cae30ccdee856968995ec22ec767fead8ed6bb2dc12531fb7cc51f
Static task
static1
Behavioral task
behavioral1
Sample
DHL-#AWB130501923096.pdf.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
DHL-#AWB130501923096.pdf.exe
Resource
win10
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
faith12AB
Targets
-
-
Target
DHL-#AWB130501923096.pdf.exe
-
Size
568KB
-
MD5
b70d92034cfc3f3015f270e306d6a1e5
-
SHA1
5281550bb31582b06cde9c9cbf11ba4c98fc1d03
-
SHA256
73a4e945a1c898ac6a48f8359785c4bd85a1e9af7423db4bd18149c428503cb2
-
SHA512
a17a0338f2789b04ad95afe7a4f80c1e812d8009376e2788da626dfe26a5f8bca17d115047cae30ccdee856968995ec22ec767fead8ed6bb2dc12531fb7cc51f
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-