General
- Target: PO-16032021,PDF.exe
- Size: 1.1MB
- Sample: 210421-jf2ny5ed8j
- MD5: d7e49ef3a90bdeb44d7b5bb85bebbc1b
- SHA1: 52404f0c92b94bf6ce07905592dcf614013bf08c
- SHA256: e01b10b57d317655cde32a37805d387131b27c88557241e0cee953e2419af93a
- SHA512: 53d8decdcec050da5adca3b16becaffc8bc1955640c55570a98a66e1913d50f1e36d9c0b49231386a0ed04439004b18b0b9b66f1b6c4d101a9c6e767fc8ccf89
Static task
- static1
Behavioral task
- behavioral1: Sample PO-16032021,PDF.exe, Resource win7v20210410
- behavioral2: Sample PO-16032021,PDF.exe, Resource win10v20210410
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.biolegends.net
- Port: 587
- Username: intlcs@biolegends.net
- Password: dFKf#W)7
Targets
- Target: PO-16032021,PDF.exe
- Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Suspicious use of SetThreadContext