General
Target
invoice and packing list.pdf.exe
Size
905KB
Sample
210511-859slem8yn
MD5
5fe3af8698d46cb668b36cda32381df9
SHA1
08f42bff933e193f76119e59e8c8d7df52271332
SHA256
33a72fddfb31f23f71b11ac223b87c62e1dcc371c6f238804220e0d969f09504
SHA512
4c488b7f4fce8046f0c60e26b96a6c57cd1f29d38b8a8911343fc9c28bbf30f55790623b78862ba6a31fbde9c78d16ea79de6434c6ce31c2b464fb1eba0b8855
Static task
static1
Behavioral task
behavioral1
Sample
invoice and packing list.pdf.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
invoice and packing list.pdf.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.targethyd.com
Port: 587
Username: invoice@targethyd.com
Password: marketing369456
Targets
Target
invoice and packing list.pdf.exe
Score
10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext