General
Target: PO #367459.pdf.exe (double-extension lure: an executable named to pass as a PDF purchase order)
Size: 871KB
Sample: 210511-dwetdz6vns
MD5: d7a5bea94fbfa892c29abfdad51486e8
SHA1: 7ad7890d32d92d3dfcbbfda26e0cde2da7a94c21
SHA256: ad191b230cb5e870e4f4a32f242f0545914d1fb36a050bf4e5dcb3ab8d8d83c0
SHA512: 3e2f9c90afee1bfa7da1b6dfa89a86c58186f9d02ff396fe730fd2ef31323bb6157cb12078587ad2ade074a6b85f181a7a7949e67b2ba0fa8fd550988475907a
Static task: static1
Behavioral task: behavioral1 (Sample: PO #367459.pdf.exe, Resource: win7v20210410)
Behavioral task: behavioral2 (Sample: PO #367459.pdf.exe, Resource: win10v20210410)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: wati@vivaldi.net
Password: 88d6b2f288990
These are the operator's exfiltration mailbox credentials, not a victim account: AgentTesla mails the data it harvests to the configured SMTP server, so the host, port and username are the indicators to hunt on. The host is a public mail provider, so blocking it outright also blocks legitimate Vivaldi mail; match on the full tuple and on the behaviour (a workstation speaking SMTP directly) rather than on the hostname alone.
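The following is an added example, not part of the sandbox report. It parses the extracted configuration exactly as the report flattens it (inconsistent ' - ' joiners between fields) and then applies it to a constructed egress log. The log format (space-separated key=value tokens), the `smtp_user` field, the `MAIL_RELAYS` allow-list and the addresses are assumptions made up for the example; `smtp_user` stands for a username seen by endpoint telemetry or a TLS-terminating proxy, since on port 587 the AUTH exchange happens inside STARTTLS and a passive network tap never sees it.

```python
import re
from typing import Dict, List, Tuple

# The extracted AgentTesla configuration exactly as the report above flattens it.
RAW_CONFIG = """Protocol: smtp- Host:
smtp.vivaldi.net - Port:
587 - Username:
wati@vivaldi.net - Password:
88d6b2f288990"""

# Constructed egress log (not from the report), one connection per line as
# space-separated key=value tokens. smtp_user is only present where the
# sensor saw the AUTH exchange (endpoint telemetry or a TLS-terminating
# proxy); a passive tap on port 587 never sees it because AUTH follows STARTTLS.
SAMPLE_EGRESS_LOG = [
    "ts=2021-05-11T09:14:02Z src=10.0.0.23 dst=smtp.vivaldi.net dport=587",
    "ts=2021-05-11T09:14:03Z src=10.0.0.23 dst=smtp.vivaldi.net dport=587 smtp_user=wati@vivaldi.net",
    "ts=2021-05-11T09:15:10Z src=10.0.0.5 dst=mx.partner.example dport=25",
    "ts=2021-05-11T09:16:44Z src=10.0.0.31 dst=smtp.mail.example dport=587",
    "ts=2021-05-11T09:17:00Z src=10.0.0.31 dst=www.example.org dport=443",
]

# Assumed site knowledge: only the mail relay is expected to speak SMTP outbound.
MAIL_RELAYS = {"10.0.0.5"}
SMTP_PORTS = {"25", "465", "587"}


def parse_agenttesla_config(raw: str) -> Dict[str, str]:
    """Parse the report's flattened 'Key: value - Key: value' text into a dict.

    The joiners are inconsistent ('smtp- Host:' vs 'net - Port:'), so the text
    is collapsed to one line, the ' - ' in front of each following 'Key:' is
    removed, and the remaining 'Key: value' pairs are read with one regex.
    """
    text = " ".join(raw.split())
    text = re.sub(r"\s*-\s+(?=[A-Za-z]+:)", " ", text)
    pairs = re.findall(r"([A-Za-z]+):\s*(\S+)", text)
    return {key.lower(): value for key, value in pairs}


def classify_egress(cfg: Dict[str, str], log_lines: List[str]) -> List[Tuple[str, str]]:
    """Tag the log lines that matter for this sample.

    c2_match                      destination host:port or AUTH username equals
                                  the extracted exfiltration mailbox
    direct_smtp_from_workstation  SMTP from anything but the mail relay; the
                                  generic behaviour to alert on even after the
                                  operator rotates to a new mailbox
    """
    findings = []
    for line in log_lines:
        rec = dict(tok.split("=", 1) for tok in line.split())
        to_c2 = rec.get("dst") == cfg["host"] and rec.get("dport") == cfg["port"]
        auth_as_c2 = rec.get("smtp_user") == cfg["username"]
        if to_c2 or auth_as_c2:
            findings.append(("c2_match", line))
        elif rec.get("dport") in SMTP_PORTS and rec.get("src") not in MAIL_RELAYS:
            findings.append(("direct_smtp_from_workstation", line))
    return findings


if __name__ == "__main__":
    config = parse_agenttesla_config(RAW_CONFIG)
    print(config)
    for level, line in classify_egress(config, SAMPLE_EGRESS_LOG):
        print(f"{level:30} {line}")
```

The relay's port-25 connection is deliberately not flagged and the second workstation's port-587 connection is: the second rule is what survives a mailbox rotation, while the first gives the high-confidence hit for this exact sample.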
Targets
Target: PO #367459.pdf.exe (size and hashes as listed under General above)
Score: 10/10
AgentTesla: Agent Tesla is a .NET remote access tool (RAT) and information stealer, usually built in Visual Basic .NET or C#; the SMTP settings under Malware Config are its exfiltration channel.
AgentTesla Payload
Suspicious use of SetThreadContext: changing the thread context of another process is the step in process hollowing that points the suspended child's entry point at the injected image before ResumeThread; apart from debuggers, few legitimate programs do this, which is why the sandbox treats it as suspicious on its own.
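To show why SetThreadContext is flagged, and why it should be read together with the calls around it, here is an added detection example (not code from the report or from the sandbox vendor). It runs over a constructed API-monitor trace in an assumed format (space-separated key=value tokens; `pid` is the caller, `child` the process a CreateProcess call spawned, `target` the process a later call acts on; all pids and image paths are made up) and flags only a parent that created a child suspended, wrote into it, set its thread context and resumed it, in that order. A debugger adjusting a context in a process it did not spawn, and a launcher that creates suspended and resumes without writing, are the two benign cases it must not raise on.

```python
from typing import Dict, Iterable, List, Tuple

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess

# The hollowing sequence in the order a detector should require it.
HOLLOWING_SEQUENCE = (
    "CreateProcess(CREATE_SUSPENDED)",
    "WriteProcessMemory",
    "SetThreadContext",
    "ResumeThread",
)

# Constructed API-monitor trace (not from the report), one call per line as
# space-separated key=value tokens. All pids and paths are invented.
#   1204 hollows its suspended child 3380 (the pattern the sandbox flags)
#   4100 is a debugger adjusting a thread context in a process it did not spawn
#   5000 spawns a child suspended, assigns it to a job object and resumes it
SAMPLE_TRACE = [
    "pid=1204 api=CreateProcessW flags=0x00000004 child=3380 image=C:\\example\\host.exe",
    "pid=1204 api=NtUnmapViewOfSection target=3380",
    "pid=1204 api=VirtualAllocEx target=3380 size=0x7e000",
    "pid=1204 api=WriteProcessMemory target=3380 size=0x400",
    "pid=1204 api=WriteProcessMemory target=3380 size=0x7c000",
    "pid=1204 api=SetThreadContext target=3380",
    "pid=1204 api=ResumeThread target=3380",
    "pid=4100 api=OpenProcess target=3200",
    "pid=4100 api=SetThreadContext target=3200",
    "pid=5000 api=CreateProcessW flags=0x00000004 child=5120 image=C:\\example\\worker.exe",
    "pid=5000 api=AssignProcessToJobObject target=5120",
    "pid=5000 api=ResumeThread target=5120",
]


def parse_trace_line(line: str) -> Dict[str, str]:
    """Split 'k=v k=v ...' into a dict (values contain no spaces)."""
    return dict(tok.split("=", 1) for tok in line.split())


def appears_in_order(seen: Iterable[str], required: Iterable[str]) -> bool:
    """True when every item of `required` occurs in `seen`, in that order
    (extra items in between are allowed)."""
    it = iter(seen)
    return all(any(s == r for s in it) for r in required)


def detect_process_hollowing(trace: List[str]) -> List[Dict[str, object]]:
    """Return one finding per (parent, child) that completes the hollowing sequence.

    Only children the caller itself created with CREATE_SUSPENDED are tracked,
    so a debugger's SetThreadContext on an existing process is ignored, and a
    launcher that creates suspended and resumes without writing is not flagged.
    """
    stages: Dict[Tuple[str, str], List[str]] = {}
    for line in trace:
        rec = parse_trace_line(line)
        api = rec.get("api", "")
        if api.startswith("CreateProcess"):
            if int(rec.get("flags", "0"), 16) & CREATE_SUSPENDED:
                stages[(rec["pid"], rec["child"])] = [HOLLOWING_SEQUENCE[0]]
            continue
        key = (rec.get("pid"), rec.get("target"))
        if key in stages and api in HOLLOWING_SEQUENCE:
            stages[key].append(api)
    return [
        {"parent_pid": parent, "child_pid": child, "stages": seen}
        for (parent, child), seen in stages.items()
        if appears_in_order(seen, HOLLOWING_SEQUENCE)
    ]


if __name__ == "__main__":
    for finding in detect_process_hollowing(SAMPLE_TRACE):
        print(f"hollowing: parent {finding['parent_pid']} -> child {finding['child_pid']}: "
              + " -> ".join(finding["stages"]))
```

Requiring the full ordered sequence is what keeps the false-positive rate down; SetThreadContext alone, as the sandbox signature name suggests, is a strong hint but not proof, and the NtUnmapViewOfSection/VirtualAllocEx calls are left optional because injectors that overwrite the image in place skip them.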