General
Target: Cotizacion.pdf.exe
Size: 634KB
Sample: 210511-f44db7wtmj
MD5: 27670c0af516c2f4cdec93153531413f
SHA1: d9e7784f9bbac76894096ad7ffc1100dd4e00c05
SHA256: db2df52c06b039021ffb4cbbda480c7bc071cacc2d31348ef719025efd48587a
SHA512: d4786154bad55330ceaa24b3999f4a20ace5b064034661bc0e37bb224fca6ea77dc6699ecc41cd5ac985cbd336a497ac3003a3fc57960f88a0711501d455ecf9
Static task: static1
Behavioral task: behavioral1
Sample: Cotizacion.pdf.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: Cotizacion.pdf.exe
Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.prisamexico.net
Port: 587
Username: security@prisamexico.net
Password: Opy44Yi.e65y
Targets
Target: Cotizacion.pdf.exe
Size: 634KB
MD5: 27670c0af516c2f4cdec93153531413f
SHA1: d9e7784f9bbac76894096ad7ffc1100dd4e00c05
SHA256: db2df52c06b039021ffb4cbbda480c7bc071cacc2d31348ef719025efd48587a
SHA512: d4786154bad55330ceaa24b3999f4a20ace5b064034661bc0e37bb224fca6ea77dc6699ecc41cd5ac985cbd336a497ac3003a3fc57960f88a0711501d455ecf9
Score: 10/10
Signatures:
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext