General
Target: Order Request .pdf.exe
Size: 677KB
Sample: 210504-pt927drn16
MD5: 2ad72a3933556e1d30a06ae454a17d54
SHA1: 0e175a0e16cbd071c5d84bbef369586c49b67446
SHA256: 17d2636add9f6f880c490347fbd54ed7f054eb37954eadcd04992efdb81d9204
SHA512: 94472bb40426db8dbd8d0474a3d7386e2784b95d98c551252b7b3a5862a67bb50e5ca037b0d175ec80cb62e3ebf5fa68a7acd695a44960953b5078a07842c021
Static task: static1
Behavioral task: behavioral1 (Sample: Order Request .pdf.exe; Resource: win7v20210410)
Behavioral task: behavioral2 (Sample: Order Request .pdf.exe; Resource: win10v20210408)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.abanit.net
Port: 587
Username: sumon@abanit.net
Password: WICUcoF4
Targets
Target: Order Request .pdf.exe (677KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext