General
Target: Invoice 36791 - CTE03.pdf.exe
Size: 661KB
Sample: 210408-z7wq8etd4n
MD5: 1532edd8c5097125710838ad68686a76
SHA1: fb15cf92c4195126192dbdb172702a4b1cafe1a7
SHA256: a12aa89d8507f6f8c4810037360270d316cdbebc229aee6adc179f9ebf2e30a1
SHA512: 7f594f39d64507c7f3c6a091108edc9c5e38bda3906bd816410274000a2f5c62cc1c047aa403203abdd233083b5496e9ed87b47fd9fa011206f37705d2e4f574
Static task: static1
Behavioral task: behavioral1
Sample: Invoice 36791 - CTE03.pdf.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Invoice 36791 - CTE03.pdf.exe
Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: clintonlogging@vivaldi.net
Password: 858540506070
Targets
Target: Invoice 36791 - CTE03.pdf.exe
Size: 661KB
MD5: 1532edd8c5097125710838ad68686a76
SHA1: fb15cf92c4195126192dbdb172702a4b1cafe1a7
SHA256: a12aa89d8507f6f8c4810037360270d316cdbebc229aee6adc179f9ebf2e30a1
SHA512: 7f594f39d64507c7f3c6a091108edc9c5e38bda3906bd816410274000a2f5c62cc1c047aa403203abdd233083b5496e9ed87b47fd9fa011206f37705d2e4f574
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext