General
Target: Payment Advice.pdf,'.exe
Size: 918KB
Sample: 210419-1zhmffkwzs
MD5: abc8c6269c64321aa896027be32d45f7
SHA1: 13641f490b4e8d63fa987110ef94496f1d6eea5e
SHA256: 65ef5d90c345d4e35c915f78eb44b4a199a294ddef89c225079ab2df1051bce6
SHA512: d99abca96eb7200d671c4f03ab2df6c5d54dfaf4261cdf8fa48d0d5a87a8666b7b38a58cda62500f113dde68a3ab5bc0e2fdc24038ff1bf84fc9f60f68468080
Static task: static1
Behavioral task: behavioral1
Sample: Payment Advice.pdf,'.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: Payment Advice.pdf,'.exe
Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.lallyautomobiles.net
Port: 587
Username: [email protected]
Password: Welcome@2021
Targets
Target: Payment Advice.pdf,'.exe
Size: 918KB
MD5: abc8c6269c64321aa896027be32d45f7
SHA1: 13641f490b4e8d63fa987110ef94496f1d6eea5e
SHA256: 65ef5d90c345d4e35c915f78eb44b4a199a294ddef89c225079ab2df1051bce6
SHA512: d99abca96eb7200d671c4f03ab2df6c5d54dfaf4261cdf8fa48d0d5a87a8666b7b38a58cda62500f113dde68a3ab5bc0e2fdc24038ff1bf84fc9f60f68468080
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext