General
- Target: PO#011.PDF.exe
- Size: 901KB
- Sample: 210511-txm4s398ln
- MD5: 98957c57335fcefd5dce687b2eb7c248
- SHA1: 8f3893d501e48d7c582f1de1f321f8ac24338262
- SHA256: b3d0bf9251e4c9e7643d80a95dc7ed46e06f062610c3f3cbcebb8ba8343ecede
- SHA512: 61ab71fae09b8f7fa28f9c7cdc055f28f91bd72367fa39c752ca95d1e5168e51ed64dcbe1bd72b6c0dd570ddb7b5ca8b954331ce3b61e705b7151db0660e9f89
- Static task: static1
- Behavioral task: behavioral1 (Sample: PO#011.PDF.exe; Resource: win7v20210408)
- Behavioral task: behavioral2 (Sample: PO#011.PDF.exe; Resource: win10v20210410)
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.flourmillsindia.com
- Port: 587
- Username: sales@flourmillsindia.com
- Password: Swastik@1
Targets
- Target: PO#011.PDF.exe (901KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext