General
Target: QUOTE B1020363.pdf.exe
Size: 735KB
Sample: 210511-56e4zrkk8s
MD5: 8c817545d7ba60333a000ba5ce565776
SHA1: e2c55dc26dde7b0e07b950d9753ccee89d0216f0
SHA256: 26799266072f7aeaf11cfe54773cd3f387dd383bb8900cf1708a8db00740d101
SHA512: 2beec0619d4834e696f6c30513a9007e2e0c822c0290221de050b422abdd5e99025561ada8508e085d6415479a35eaef47f7040c3b5b1bffb464f0e95316d241
Static task: static1
Behavioral task: behavioral1
Sample: QUOTE B1020363.pdf.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: QUOTE B1020363.pdf.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: Graceboy123@vivaldi.net
Password: 4Lmm4pew4Z3EVCn
Targets
Target: QUOTE B1020363.pdf.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext