General
Target
ARRIVALNOTICE-pdf.exe
Size
2.2MB
Sample
210504-md837lgmej
MD5
d9b7736721f916f9da67529ebd2bbf72
SHA1
d6b891983c8f3175123baa2a8ae94a3e28b6864a
SHA256
ae86688173bc179c5ee6a48d56618aa007a77720213568e5d4115430829f2cac
SHA512
0359510a081b396442991e47837584d7cca9d060bb517a310be778d275885589506def28c25007f6ec52800638f5058c0568c8d65b29fb305b72712abeb881af
Static task
static1
Behavioral task
behavioral1
Sample
ARRIVALNOTICE-pdf.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
ARRIVALNOTICE-pdf.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1749457201:AAGWIY2QPzrHZIumAIUsWjyRAEWcJrauccY/sendDocument
Targets
Target
ARRIVALNOTICE-pdf.exe
Score 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext