General
-
Target
Martina Order_pdf.exe
-
Size
453KB
-
Sample
210726-qqz2995n5j
-
MD5
a2ed4963dfd45090c2112b7ba2422f86
-
SHA1
2bcef9993ffb483d5b7a8d482c00d33c71a28a02
-
SHA256
bcdf684939411112be33475b5422edf1f6b8219b0f1b786e1ad222d2ebbca6c1
-
SHA512
57891e845c2dcaf071ef6e5bae4a6cbb93789f563d84481d1447d4c36aa9f4f13f9d32d743672d8dcd293c1129c2f14e23804f7a19aaa8e0a3e9378e04b4d911
Static task
static1
Behavioral task
behavioral1
Sample
Martina Order_pdf.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
Martina Order_pdf.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.mohhg.com - Port:
587 - Username:
admin@mohhg.com - Password:
r:1{cNw4}vJc
Targets
-
-
Target
Martina Order_pdf.exe
-
Size
453KB
-
MD5
a2ed4963dfd45090c2112b7ba2422f86
-
SHA1
2bcef9993ffb483d5b7a8d482c00d33c71a28a02
-
SHA256
bcdf684939411112be33475b5422edf1f6b8219b0f1b786e1ad222d2ebbca6c1
-
SHA512
57891e845c2dcaf071ef6e5bae4a6cbb93789f563d84481d1447d4c36aa9f4f13f9d32d743672d8dcd293c1129c2f14e23804f7a19aaa8e0a3e9378e04b4d911
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-