General
- Target: attached TT PDF.7z
- Size: 666KB
- Sample: 210722-k8qam8e9ze
- MD5: d22dcd791c9353676ef483f5b874c098
- SHA1: 0a55218ad40796c0ea259abad9562f577a21e784
- SHA256: 701ad765cfe875e6bf812319435a9bf13bd2cbc6f3907352fcbdfcd0e35469b0
- SHA512: 52fcc55a8ab7b4fc362de690f64543087bb3313991887d13c36a9bdf91b6dbfe1b212cd4aaa9f5a70f8620320ebefce8a3e6e085cc0d53308847d15910ce70db
Static task
- static1
Behavioral task
- behavioral1
  - Sample: attached TT PDF.exe
  - Resource: win7v20210408
Behavioral task
- behavioral2
  - Sample: attached TT PDF.exe
  - Resource: win10v20210410
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.esquiresweaters.com
- Port: 587
- Username: [email protected]
- Password: Esquire@#2078
Targets
- Target: attached TT PDF.exe
- Size: 789KB
- MD5: 891f97173c0a90ed3d336e303908b38a
- SHA1: 49a4e10a12d5aec836cc2b1cfcfce3784446929b
- SHA256: 2f25825c264a731f59bdee108cdd8fdf062501404952294c7fdbd4e46d4ccc7e
- SHA512: b5c3168d1ded6eeee2b364f9d0aa3e45f60c630d353d6d1178f84e784783def83ed9512069fdb04821150cb04344f0b2e17088033ecddb15709615bca947eed3
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext