General
Target: NEW-P&I_Circularpdf.exe
Size: 962KB
Sample: 210408-925d6dd59j
MD5: 182216a47605c50db6b8796adff4e3f9
SHA1: 06c36b24b2d877600500590d2b57f670d58773fc
SHA256: 408d0b8cf4df11f74ecd574dccdcc5bc7fdf483fce512401e0c767e801815357
SHA512: 654e99ee9ad6a52a87e03b1c13c1f44284f004713c42d9fb464f635dd6259682f6df0cc661a923c9cc9298c03137170342ed81e6f6dc4f79cc060e3589305acd
Static task: static1
Behavioral task: behavioral1
Sample: NEW-P&I_Circularpdf.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: NEW-P&I_Circularpdf.exe
Resource: win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.1300dentrepair.com.au
Port: 587
Username: newadmin@1300dentrepair.com.au
Password: money123@@@
Targets
Target: NEW-P&I_Circularpdf.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext