General
Target
QUOTE B1020363.pdf.gz
Size
521KB
Sample
210511-pvbcjnnn8x
MD5
6fea9fa0c1515401c1c1b16050fa47f2
SHA1
aad04e566fa2b06e48c8d99a5cbe69186d11a9bb
SHA256
b33da17596e956896a4791449395b6c8eee6e9d214b645373b218bc23240e203
SHA512
f23ba8880ab5341fc949680f1f6334f4e2e4508c000e1bc70bce092aac342c3ff49d9024504501b45417d3da97c961355afc0c469e6393bdfe8d3045d764f7c2
Static task
static1
Behavioral task
behavioral1
Sample
QUOTE B1020363.pdf.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
QUOTE B1020363.pdf.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: Graceboy123@vivaldi.net
Password: 4Lmm4pew4Z3EVCn
Targets
Target
QUOTE B1020363.pdf.exe
Size
735KB
MD5
8c817545d7ba60333a000ba5ce565776
SHA1
e2c55dc26dde7b0e07b950d9753ccee89d0216f0
SHA256
26799266072f7aeaf11cfe54773cd3f387dd383bb8900cf1708a8db00740d101
SHA512
2beec0619d4834e696f6c30513a9007e2e0c822c0290221de050b422abdd5e99025561ada8508e085d6415479a35eaef47f7040c3b5b1bffb464f0e95316d241
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext