General
Target: 0000000654.pdf.exe
Size: 919KB
Sample: 210511-bckqahxf3s
MD5: 349f507794afb6e5c6c5a1abeeaae124
SHA1: 665a2e9b4695df7246dc17cc5add3a173fd42c16
SHA256: f2a3c147eb3cb69591f0291b5a1d324a288f86773890fd77b24f255d13feb7bc
SHA512: 5e7df9509825e59ee04072365a441a3f7e01fa6cafdecfbd2a6f746363a8d3a3c4d7712f9be1300691d96dac2e0697a14c9b61fcfa8c55c2c552f6d9c202b9c6
Static task: static1
Behavioral task: behavioral1
Sample: 0000000654.pdf.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: 0000000654.pdf.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.cordial-rothfusz.com
Port: 587
Username: miguelangeltec@cordial-rothfusz.com
Password: 5212681fF
Targets
Target: 0000000654.pdf.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext