General
- Target: New PO.pdf.'.zip
- Size: 572 KB
- Sample: 210419-8x8zjclqza
- MD5: 30afa5ef47ad71f43a7eebece150be6d
- SHA1: 0f04347968ad70cee88f7f30eef11ae239aaf65f
- SHA256: 6d54d3e4524a80426dff0a58f81a3848a6134dff13b4fff65abda706ddb54c20
- SHA512: 610ac2699c940f79d327222e34930c17974fcb1fe3faffc806e34eb9ed63dcf8fb08f25d7c5008b08fc26ea2e7f76c2603801ab0b34a553cd53282093f584e63
Static task: static1
Behavioral task: behavioral1
- Sample: New PO.pdf.'.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: New PO.pdf.'.exe
- Resource: win10v20210408
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.lallyautomobiles.net
- Port: 587
- Username: [email protected] (address obfuscated in the rendered report)
- Password: Welcome@2021
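The extracted configuration above is the stealer's exfiltration channel: Agent Tesla logs in to the listed mailbox over SMTP and mails the harvested data to it. The following is an added example (not part of the Triage report or the sample) showing how a defender can turn such a config into something searchable: it parses the key/value lines, derives the base64 tokens the credentials take on the wire under AUTH LOGIN and AUTH PLAIN, and scans an SMTP transcript for clients presenting them to that host and port. The transcript line format, the hostnames and IPs in the sample log are constructed for this example; the username is kept exactly as it is rendered on the page.

```python
import base64
import re

# Extracted AgentTesla SMTP config, copied from the report above. The username is
# obfuscated in the rendered report ("[email protected]") and is kept as-is here.
TRIAGE_CONFIG = """\
Protocol: smtp
Host: mail.lallyautomobiles.net
Port: 587
Username: [email protected]
Password: Welcome@2021
"""


def parse_config(text):
    """Parse 'Key: value' lines of an extracted SMTP config into a dict."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z]+):\s*(.*\S)\s*$", line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    if cfg.get("protocol", "").lower() != "smtp":
        raise ValueError("only SMTP configs are handled here")
    cfg["port"] = int(cfg["port"])
    return cfg


def auth_login_tokens(cfg):
    """The two base64 strings a client sends in reply to the AUTH LOGIN
    'Username:' and 'Password:' challenges."""
    return (base64.b64encode(cfg["username"].encode()).decode(),
            base64.b64encode(cfg["password"].encode()).decode())


def auth_plain_token(cfg):
    """SASL PLAIN credential: base64 of NUL + username + NUL + password."""
    raw = b"\x00" + cfg["username"].encode() + b"\x00" + cfg["password"].encode()
    return base64.b64encode(raw).decode()


# Hypothetical transcript format used by this example (not a real tool's output):
# "<timestamp> <src>-><dst>:<port> C|S: <smtp line>"
SESSION_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[^\s>]+)->(?P<dst>[^\s:]+):(?P<port>\d+) (?P<dir>[CS]): (?P<data>.*)$")


def find_exfil_sessions(log_lines, cfg):
    """Return (src, reason) for each client line that presents the extracted
    credentials to the configured host and port, in LOGIN or PLAIN form."""
    _, pw_tok = auth_login_tokens(cfg)
    plain_tok = auth_plain_token(cfg)
    hits = []
    for line in log_lines:
        m = SESSION_RE.match(line)
        if not m or m["dir"] != "C":
            continue
        if m["dst"].lower() != cfg["host"].lower() or int(m["port"]) != cfg["port"]:
            continue
        data = m["data"].strip()
        if data == pw_tok:
            hits.append((m["src"], "AUTH LOGIN password token"))
        elif data.upper().startswith("AUTH PLAIN ") and data.split()[-1] == plain_tok:
            hits.append((m["src"], "AUTH PLAIN token"))
    return hits


CFG = parse_config(TRIAGE_CONFIG)
USER_TOK, PW_TOK = auth_login_tokens(CFG)

# Constructed transcript (not from the sandbox run): one infected host using
# AUTH LOGIN, one using AUTH PLAIN, and one unrelated host that happens to
# send the same password to a different server (must not match).
SAMPLE_LOG = [
    "2021-04-19T08:00:01Z 10.0.0.15->mail.lallyautomobiles.net:587 C: EHLO DESKTOP-1",
    "2021-04-19T08:00:01Z 10.0.0.15->mail.lallyautomobiles.net:587 S: 250 OK",
    "2021-04-19T08:00:02Z 10.0.0.15->mail.lallyautomobiles.net:587 C: AUTH LOGIN",
    "2021-04-19T08:00:02Z 10.0.0.15->mail.lallyautomobiles.net:587 C: " + USER_TOK,
    "2021-04-19T08:00:02Z 10.0.0.15->mail.lallyautomobiles.net:587 C: " + PW_TOK,
    "2021-04-19T08:03:10Z 10.0.0.40->mail.lallyautomobiles.net:587 C: AUTH PLAIN " + auth_plain_token(CFG),
    "2021-04-19T08:05:00Z 10.0.0.22->smtp.example.org:587 C: AUTH LOGIN",
    "2021-04-19T08:05:00Z 10.0.0.22->smtp.example.org:587 C: " + PW_TOK,
]

if __name__ == "__main__":
    print("AUTH LOGIN password token:", PW_TOK)
    for src, why in find_exfil_sessions(SAMPLE_LOG, CFG):
        print(f"{src}: {why}")
```

Two caveats when using this. Port 587 is the submission port and the client normally issues STARTTLS before AUTH, so the tokens are only visible where TLS is terminated (the sandbox's own capture, a proxy that inspects mail traffic, or an endpoint agent); on an opaque network path, pivot to the host and port instead. The mailbox host may be a legitimate domain whose account was abused, so treat the credentials as an indicator and a notification target, not only as a blocklist entry.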
Targets
- Target: New PO.pdf.'.exe
- Size: 829 KB
- MD5: ea2f6afd43fe464c3b90f05762def390
- SHA1: cf20ecb582c6c6385860bc7a76a866a3f28c06aa
- SHA256: 587de2149d6418990852b59fdb044911f6dd33f60bc6392fb2e93c8538b91453
- SHA512: 409241a1f4e7f284055751881534a932eb23d27edd0779ee78b90b9cc666925a927a3851a37feca63773b1c72f0b1945e9dfc7259b9931066e4de8f1ecdccc60
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer written in Visual Basic; it harvests credentials and keystrokes and sends them to an attacker-controlled mailbox, FTP server or web panel, which is why the extracted configuration above is a set of SMTP credentials.
Signatures:
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application (persistence through the CurrentVersion\Run registry key)
- Suspicious use of SetThreadContext (commonly seen when a payload is written into a suspended process and its thread is redirected to it, i.e. process hollowing)