General

Target: New PO.pdf.'.exe
Size: 829KB
Sample: 210419-xc7asdzzxs
MD5: ea2f6afd43fe464c3b90f05762def390
SHA1: cf20ecb582c6c6385860bc7a76a866a3f28c06aa
SHA256: 587de2149d6418990852b59fdb044911f6dd33f60bc6392fb2e93c8538b91453
SHA512: 409241a1f4e7f284055751881534a932eb23d27edd0779ee78b90b9cc666925a927a3851a37feca63773b1c72f0b1945e9dfc7259b9931066e4de8f1ecdccc60
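An added triage helper, not part of the sandbox report: it computes the four digests listed above for a file, compares them with the report's values, and flags the double-extension lure in this sample's filename ("New PO.pdf.'.exe" reads as a PDF once Explorer hides the final extension). The bytes hashed in the block are constructed and will not match the report; point hash_file() at a real file to check one. The document/executable extension lists are assumptions for the example.

```python
import hashlib
from typing import Dict, List

# Digests copied from the report above (lowercase hex).
REPORT_IOCS: Dict[str, str] = {
    "md5": "ea2f6afd43fe464c3b90f05762def390",
    "sha1": "cf20ecb582c6c6385860bc7a76a866a3f28c06aa",
    "sha256": "587de2149d6418990852b59fdb044911f6dd33f60bc6392fb2e93c8538b91453",
    "sha512": "409241a1f4e7f284055751881534a932eb23d27edd0779ee78b90b9cc666925a927a3851a37feca63773b1c72f0b1945e9dfc7259b9931066e4de8f1ecdccc60",
}

# Extensions a lure tends to show before the real one, and the ones Windows
# actually executes. Both sets are assumptions for this example; extend them.
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg", "png"}
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs", "vbe", "ps1", "msi", "hta"}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the four digests the report lists, for an in-memory buffer."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_IOCS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same digests for a file on disk, streamed so large files are fine."""
    hashers = {alg: hashlib.new(alg) for alg in REPORT_IOCS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_iocs(digests: Dict[str, str], iocs: Dict[str, str] = REPORT_IOCS) -> List[str]:
    """Names of the algorithms whose digest equals the IOC value."""
    return sorted(alg for alg, value in digests.items() if iocs.get(alg) == value.lower())


def is_deceptive_filename(name: str) -> bool:
    """True when a document-looking extension precedes the executable one.

    Tokens are split on '.', quote/space junk stripped and lowercased, so
    "New PO.pdf.'.exe" reduces to the extension list ['pdf', 'exe'].
    """
    tokens = [t.strip("'\"` ").lower() for t in name.split(".")]
    exts = [t for t in tokens[1:] if t.isalnum()]
    if len(exts) < 2 or exts[-1] not in EXECUTABLE_EXTS:
        return False
    return any(e in DOCUMENT_EXTS for e in exts[:-1])


def triage(name: str, data: bytes) -> Dict[str, object]:
    """Combine both checks into one verdict for a filename/content pair."""
    digests = hash_bytes(data)
    return {
        "name": name,
        "digests": digests,
        "ioc_hits": match_iocs(digests),
        "deceptive_name": is_deceptive_filename(name),
    }


if __name__ == "__main__":
    # Constructed stand-in content; a real check would use hash_file(path).
    print(triage("New PO.pdf.'.exe", b"MZ this is not the real sample"))
```

A hash match is exact and therefore brittle (one byte of repacking defeats it); the filename check is the cheaper, more durable signal at the mail gateway, and both together are what a sandbox-driven blocklist should carry.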
Static task: static1
Behavioral task: behavioral1 (sample New PO.pdf.'.exe, resource win7v20210410)
Behavioral task: behavioral2 (sample New PO.pdf.'.exe, resource win10v20210410)
Malware Config

Extracted family: agenttesla
Protocol: smtp
Host: mail.lallyautomobiles.net
Port: 587
Username: [email protected] (the address is not recoverable from this extraction; only the placeholder survives)
Password: Welcome@2021

This is the stealer's exfiltration channel, not a victim account: the sample authenticates to the configured mailbox over SMTP submission (port 587) and mails the collected data from it. The host is typically a legitimate mail server whose account the operator controls or has compromised, so the actionable indicators are the host/port pair for network blocking and, for whoever owns the mail server, the abused credentials.
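As an added example, not part of the sandbox report and not the malware's own code, the Python below turns the extracted config into two network-side checks over constructed input: an exact match on the C2 host and port, plus a broader rule for SMTP submission from a process that is not an allow-listed mail client, and a helper that recovers the account from a captured cleartext AUTH LOGIN exchange. The log record layout, the process allow-list, the process names in the log and the username in the transcript are assumptions; only the host, port and password come from the report (the extraction shows the username only as [email protected]).

```python
import base64
import binascii
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Values the sandbox extracted from this sample (Malware Config above).
C2_HOST = "mail.lallyautomobiles.net"
C2_PORT = 587

# SMTP relay/submission ports and the processes allowed to use them.
# The allow-list is an assumption for the example; tune it per environment.
SMTP_PORTS = {25, 465, 587}
MAIL_CLIENT_ALLOWLIST = {"outlook.exe", "thunderbird.exe"}


@dataclass
class Conn:
    ts: str
    src: str
    dst_host: str
    dst_port: int
    process: str


def parse_conn(line: str) -> Conn:
    """Parse one record: ts src dst_host dst_port process (assumed layout)."""
    ts, src, dst_host, dst_port, process = line.split()
    return Conn(ts, src, dst_host.lower(), int(dst_port), process.lower())


def classify(conn: Conn) -> Optional[str]:
    """Alert name for a record, or None if it passes both rules."""
    if conn.dst_host == C2_HOST and conn.dst_port == C2_PORT:
        return "agenttesla_smtp_c2"          # exact match on the extracted config
    if conn.dst_port in SMTP_PORTS and conn.process not in MAIL_CLIENT_ALLOWLIST:
        return "smtp_from_non_mail_client"   # generic rule for any SMTP-exfil stealer
    return None


def scan(lines: List[str]) -> List[Tuple[str, str, str, str]]:
    """Run classify() over log lines, skipping blanks and '#' comments."""
    alerts = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        conn = parse_conn(line)
        verdict = classify(conn)
        if verdict:
            alerts.append((verdict, conn.ts, conn.process, f"{conn.dst_host}:{conn.dst_port}"))
    return alerts


def _b64(text: str) -> str:
    """Decode base64 leniently; a non-base64 line yields ''."""
    try:
        return base64.b64decode(text, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return ""


def auth_login_credentials(transcript: str) -> Optional[Tuple[str, Optional[str]]]:
    """Recover (username, password) from a cleartext SMTP AUTH LOGIN exchange.

    The server sends '334 ' + base64('Username:'), the client answers with
    the base64 username, then the same for 'Password:'. Only visible before
    STARTTLS or in a decrypted capture.
    """
    creds = {}
    expect = None
    for line in (l.strip() for l in transcript.splitlines() if l.strip()):
        if expect is not None:
            creds[expect] = _b64(line)
            expect = None
        elif line.startswith("334 "):
            prompt = _b64(line[4:]).rstrip(":").lower()
            if prompt in ("username", "password"):
                expect = prompt
    if "username" not in creds:
        return None
    return creds["username"], creds.get("password")


# Constructed records, not from the report: the dropper reaching the extracted
# C2, a legitimate mail client, an unrelated process on port 25, and HTTPS.
SAMPLE_CONN_LOG = """\
# ts src dst_host dst_port process
2021-04-19T10:00:01Z 10.0.0.5 mail.lallyautomobiles.net 587 New_PO.pdf.exe
2021-04-19T10:00:07Z 10.0.0.5 smtp.office365.com 587 outlook.exe
2021-04-19T10:00:09Z 10.0.0.5 smtp.example.net 25 regsvcs.exe
2021-04-19T10:00:12Z 10.0.0.5 www.example.com 443 chrome.exe
"""

# Constructed cleartext AUTH LOGIN exchange. The username is a placeholder
# (the report does not show the real address); the password is the one
# the sandbox extracted.
SAMPLE_SMTP_TRANSCRIPT = """\
220 mail.example.net ESMTP
EHLO victim-pc
250-mail.example.net
250 AUTH LOGIN PLAIN
AUTH LOGIN
334 VXNlcm5hbWU6
ZXhmaWxAZXhhbXBsZS5uZXQ=
334 UGFzc3dvcmQ6
V2VsY29tZUAyMDIx
235 2.7.0 Authentication successful
"""

if __name__ == "__main__":
    for alert in scan(SAMPLE_CONN_LOG.splitlines()):
        print(*alert)
    print(auth_login_credentials(SAMPLE_SMTP_TRANSCRIPT))
```

The exact-match rule expires as soon as the operator rotates mailboxes; the process-level rule is the one worth keeping, since Agent Tesla's SMTP mode logs into the operator's mailbox from whatever process the payload was injected into, and a non-mail-client talking to port 587 is rare on a workstation. STARTTLS on 587 usually hides AUTH LOGIN from a passive sensor, so the credential recovery is mainly useful on sandbox or decrypted captures; the recovered account is the drop mailbox, not the victim's.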
Targets

Target: New PO.pdf.'.exe (829KB; MD5/SHA1/SHA256/SHA512 as listed under General)
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET.
Behavioral signatures matched:
- AgentTesla payload
- Drops file in Drivers directory
- Adds Run key to start application (registry Run key persistence, so the payload is relaunched at logon)
- Suspicious use of SetThreadContext (the call that rewrites a suspended thread's registers; outside a debugger this is characteristic of process hollowing, i.e. the payload running inside another process)