General
- Target: _INVOICE.pdf'.zip
- Size: 819KB
- Sample: 210422-r3z4xgfhkx
- MD5: 5676e1fd137795d22644966377ce7a0c
- SHA1: b8dfaeaa20b3fe31e49eb36625f457bf945b655c
- SHA256: 58a726187796e298b5fe92879b80a7b777c89776e0c7d3b3caa2dc94c815e680
- SHA512: f897ca5d554fc6a0e1afb513b8f771f653d157acc668054d0319ff5afc7f18413bc933be251faa3f1ffe409b4f88e8b6e7933ea668cdd07968ec9cb53f7b417b
Static task
- static1
Behavioral task
- behavioral1: Sample INVOICE.pdf'.exe, Resource win7v20210410
Behavioral task
- behavioral2: Sample INVOICE.pdf'.exe, Resource win10v20210408
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.lallyautomobiles.net
- Port: 587
- Username: [email protected]
- Password: Welcome@2021
Targets
- Target: INVOICE.pdf'.exe
- Size: 1008KB
- MD5: d3da3181e517767e26773407e37aba0c
- SHA1: 93ac4cef1164b47ebc152f762762d9438c933670
- SHA256: 79b5d83bb67da34c7cef950987831c667cbb63282922c99d283beaa721266f97
- SHA512: cdc657f75e0df03816051f11465d0c6ce4417649c20c0a6ef2dbfeeec8b8f08ea09d45e321bdffaff0bf3452bbb63bd87a95f90ef1dc1e4563f8ef63aa3139ee
- AgentTesla: Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic (VB.NET). This sample exfiltrates over SMTP using the mailbox credentials in the extracted config above.
- AgentTesla payload
- Drops file in Drivers directory
- Adds Run key to start application (persistence via the CurrentVersion\Run key)
- Suspicious use of SetThreadContext (an API commonly used to inject into or hollow another process; the exfiltrating process may therefore not be INVOICE.pdf'.exe itself)
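A triage helper built from the indicators in this report, added here as an example and not part of the sandbox output: it checks candidate file bytes against the hashes listed under Targets, scans egress connection logs for the SMTP exfiltration host and port from the extracted config, and flags Run-key autostart entries that point into a user profile, matching the "Adds Run key" signature above. The egress log format, the registry event shape, and every sample line are constructed assumptions for illustration; the mailbox password is deliberately not used, since blocking and hunting need only the host and port.

```python
"""Triage helper for the AgentTesla report above (added example, not report output)."""
import hashlib
import re

# Hashes of the dropped executable INVOICE.pdf'.exe, copied from the Targets section.
KNOWN_HASHES = {
    "md5": "d3da3181e517767e26773407e37aba0c",
    "sha1": "93ac4cef1164b47ebc152f762762d9438c933670",
    "sha256": "79b5d83bb67da34c7cef950987831c667cbb63282922c99d283beaa721266f97",
    "sha512": "cdc657f75e0df03816051f11465d0c6ce4417649c20c0a6ef2dbfeeec8b8f08e"
              "a09d45e321bdffaff0bf3452bbb63bd87a95f90ef1dc1e4563f8ef63aa3139ee",
}

# Exfiltration endpoint from the extracted malware config (credentials omitted on purpose).
EXFIL_HOST = "mail.lallyautomobiles.net"
EXFIL_PORT = 587


def hash_bytes(data: bytes) -> dict:
    """Return all four digests the report lists so any one of them can be matched."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def is_known_sample(data: bytes) -> bool:
    """True if any digest of `data` equals the corresponding hash from the report."""
    digests = hash_bytes(data)
    return any(digests[name] == value for name, value in KNOWN_HASHES.items())


# Constructed egress log lines (assumed format:
# "<timestamp> <workstation> <pid> <image path> -> <dst host>:<dst port> <proto>").
SAMPLE_EGRESS_LOG = """\
2021-04-22T10:01:03Z WS01 4120 C:\\Windows\\System32\\svchost.exe -> 10.0.0.5:443 tcp
2021-04-22T10:01:09Z WS01 5088 C:\\Users\\a\\AppData\\Roaming\\INVOICE.pdf'.exe -> mail.lallyautomobiles.net:587 tcp
2021-04-22T10:02:11Z WS02 2220 C:\\Program Files\\Microsoft Office\\OUTLOOK.EXE -> mail.corp.example:587 tcp
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ws>\S+) (?P<pid>\d+) (?P<image>.+?) -> "
    r"(?P<dst>[^\s:]+):(?P<port>\d+) (?P<proto>\w+)$"
)


def find_exfil_connections(log_text: str, host: str = EXFIL_HOST, port: int = EXFIL_PORT) -> list:
    """Return (workstation, pid, image) for every connection to the exfil host/port.

    The match is on destination only: because the sample uses SetThreadContext,
    the connecting image may be a hollowed host process rather than the dropper.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m["dst"].lower() == host.lower() and int(m["port"]) == port:
            hits.append((m["ws"], int(m["pid"]), m["image"]))
    return hits


# Constructed registry-write events, (image, target key, value data), modelled
# loosely on a Sysmon registry value-set event (assumption for illustration).
SAMPLE_REG_EVENTS = [
    ("C:\\Windows\\System32\\svchost.exe",
     "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth",
     "C:\\Windows\\System32\\SecurityHealthSystray.exe"),
    ("C:\\Users\\a\\AppData\\Roaming\\INVOICE.pdf'.exe",
     "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\INVOICE",
     "C:\\Users\\a\\AppData\\Roaming\\INVOICE.pdf'.exe"),
]

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
USER_PROFILE_RE = re.compile(r"^[A-Z]:\\Users\\", re.IGNORECASE)


def find_run_key_persistence(events) -> list:
    """Flag Run/RunOnce entries whose autostart target lives under a user profile."""
    return [
        (image, key, data)
        for image, key, data in events
        if RUN_KEY_RE.search(key) and USER_PROFILE_RE.match(data.strip('"'))
    ]


if __name__ == "__main__":
    for ws, pid, image in find_exfil_connections(SAMPLE_EGRESS_LOG):
        print(f"exfil to {EXFIL_HOST}:{EXFIL_PORT} from {ws} pid {pid} ({image})")
    for image, key, data in find_run_key_persistence(SAMPLE_REG_EVENTS):
        print(f"Run-key persistence: {key} -> {data} (written by {image})")
```

Matching on the destination host rather than the process image is deliberate: with SetThreadContext in play, the outbound SMTP session may come from a legitimate-looking injected process, so a rule keyed on INVOICE.pdf'.exe would miss it. The hash check is worth keeping even though the next build of the sample will differ, because this exact file is what the report's submitter received and may still be sitting in mailboxes.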