General
- Target: E-Remittance Copy.pdf.ace
- Size: 550KB
- Sample: 210504-t5zn3aye22
- MD5: 9fa266b58f74f23630d145f07cc09a91
- SHA1: bdca2aaf830e8a8abdfff816a3434a84acbb69c6
- SHA256: 261876ed0f8d2d0038ce84d15817b66fe0b90417a2c3ebbd40efcb9a069ef7a9
- SHA512: 48b513b9ff758070f6a404098eb5c9012daf19122452bd8a684946178214c69ec47aa4d2f2d5f9ea91b015691b630fd75b0f1404deddd4f558d199c227739d00

Static task: static1

Behavioral task: behavioral1
- Sample: E-Remittance Copy.pdf.exe
- Resource: win7v20210408

Behavioral task: behavioral2
- Sample: E-Remittance Copy.pdf.exe
- Resource: win10v20210410

Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.vivaldi.net
- Port: 587
- Username: clintonlogging@vivaldi.net
- Password: 858540506070

Targets
- Target: E-Remittance Copy.pdf.exe
- Size: 695KB
- MD5: 5f974cb0ec8c2360133ad6fc13367797
- SHA1: f5da885cd7b7043f34be4842fb2abd22a2fbd8c4
- SHA256: 1f37b4d2751d387a04815bc0477fb419e607c19f45cb3712aa1b872df9e12429
- SHA512: 42e9adc19cc24c0663d876ce5912c156a2a9605c7b5902fdba3a7046832c03a69cdab3f6f161c98c2c4a94c896e9db823c27d245ae3a5b7408211924a0a36078
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext