General
- Target: ORDINE #96543-pdf.JS
- Size: 4KB
- Sample: 210121-fe2ja2aree
- MD5: cfa731241965fd4b24e01c24ded86b81
- SHA1: c53226dec303274857517fbaa9f406021e9f3d06
- SHA256: 19ede2b8c1baf36ab7fe4b1182066248277c33df608545349adcb25317d2ca0b
- SHA512: 57ac282c62f999eccf752d187934a51edf6cb4048441beed84160d0a5cebcc1a2fb8d30a428933535a22d84e36cd61845852cfd4e5e2b12c27f7028a4ebcded8
Static task: static1
Behavioral task: behavioral1
- Sample: ORDINE #96543-pdf.JS
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: ORDINE #96543-pdf.JS
- Resource: win10v20201028
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://ftp.transdealer.cl/
- Port: 21
- Username: originlogs2021@transdealer.cl
- Password: wzQlkml^z^dd
Targets
- Target: ORDINE #96543-pdf.JS
- Size: 4KB
- MD5: cfa731241965fd4b24e01c24ded86b81
- SHA1: c53226dec303274857517fbaa9f406021e9f3d06
- SHA256: 19ede2b8c1baf36ab7fe4b1182066248277c33df608545349adcb25317d2ca0b
- SHA512: 57ac282c62f999eccf752d187934a51edf6cb4048441beed84160d0a5cebcc1a2fb8d30a428933535a22d84e36cd61845852cfd4e5e2b12c27f7028a4ebcded8
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Blocklisted process makes network request
- Suspicious use of SetThreadContext