General
-
Target
New Price List pdf.exe
-
Size
878KB
-
Sample
210511-h55xap5gae
-
MD5
fa030b63047912ff016c5b258cb90324
-
SHA1
375aa0ee7144ee0abde8c0d6cbf32e6fd41aebbf
-
SHA256
2fec5a8a55f441415b81b02e233a959d766aa32929cf5d92ff7068c867d01f23
-
SHA512
311d2003e016c9230bc6818860b0f52b7b434ae0e7cfdd132e08b4038c0b9adc25be583492a5cd9130709779bb54a025229430650d5f257cf69beebad1408a33
Static task
static1
Behavioral task
behavioral1
Sample
New Price List pdf.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
New Price List pdf.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.davitecco.com
Port: 587
Username: purchase03@davitecco.com
Password: J-y2i7#INlWI
Targets
-
-
Target
New Price List pdf.exe
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-