General
-
Target
Payment Advice.pdf,'.zip
-
Size
679KB
-
Sample
210419-bale7v6vmn
-
MD5
811d46d4afe7e393f21f78e3438ba4b5
-
SHA1
91b6faeb76db105c0a20e7a7df2e65d122b4d7b3
-
SHA256
084f1c7e721b04fcdf9d147e3c35ae7a00e6b178744b015c039df6064fc0d4f9
-
SHA512
31664d2bb1c320cb1b83b90bae7b1bbc42234e9bb08a51937e399bfb44b7bd84d10cf42b21fb69f8d52329688308ffe6c82e3074f3704ff808eef91d44b2e450
Static task
static1
Behavioral task
behavioral1
Sample
Payment Advice.pdf,'.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
Payment Advice.pdf,'.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.lallyautomobiles.net
Port: 587
Username: [email protected]
Password: Welcome@2021
Targets
-
Target
Payment Advice.pdf,'.exe
-
Size
918KB
-
MD5
abc8c6269c64321aa896027be32d45f7
-
SHA1
13641f490b4e8d63fa987110ef94496f1d6eea5e
-
SHA256
65ef5d90c345d4e35c915f78eb44b4a199a294ddef89c225079ab2df1051bce6
-
SHA512
d99abca96eb7200d671c4f03ab2df6c5d54dfaf4261cdf8fa48d0d5a87a8666b7b38a58cda62500f113dde68a3ab5bc0e2fdc24038ff1bf84fc9f60f68468080
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-