General
Target: NEW ENQUIRYRFQ ALUMINIUM DOOR CLOSER (120421PR1).pdf.exe
Size: 1.0MB
Sample: 210422-ckepgh4cvs
MD5: 2c2ae17b0d45e86652337370bcba3b42
SHA1: b4c2bf69c55e919ee354f0a587a92b856c71c7ca
SHA256: d7b031ffe2c4ed9b09bfcdc171677a70adfb4bfef6a094afcb72050912493dc3
SHA512: fbf79b023ca52d4958817708cabcf38d881a128cd3a31c48d6df012e9558137e2087bf70e4e922f8d7ad18722175c0ca06479a80bb1bee3717cac4d4bab84e39
Static task: static1
Behavioral task: behavioral1
Sample: NEW ENQUIRYRFQ ALUMINIUM DOOR CLOSER (120421PR1).pdf.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: NEW ENQUIRYRFQ ALUMINIUM DOOR CLOSER (120421PR1).pdf.exe
Resource: win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: Graceboy123@vivaldi.net
Password: 4Lmm4pew4Z3EVCn
Targets
Target: NEW ENQUIRYRFQ ALUMINIUM DOOR CLOSER (120421PR1).pdf.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext