General
Target: invo5514155.pdf.exe
Size: 687KB
Sample: 210727-nswsvzlns6
MD5: fc0b0215e0ec8169fcd6556e236302c1
SHA1: e7b965067c6b7be5e24ad284562a9bac91e591e3
SHA256: 4012c4289aa953f24fdc7e1e257f2d9b04f835a8d6bd1b8eb919271c46a7db62
SHA512: 7359ba0dd283d5e9976d2604a87e8a48339e8d2f5433bd2488a2745c6443da672fe9889805b22f6044e2469333ef58b65d37d5f73eae3ab06b76d12704f5c0bd
Static task: static1

Behavioral task: behavioral1
Sample: invo5514155.pdf.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: invo5514155.pdf.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.simpleitalian.com.au
Port: 587
Username: bookings@simpleitalian.com.au
Password: SIpassword101$
Targets
Target: invo5514155.pdf.exe
Size: 687KB
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

CustAttr .NET packer
Detects CustAttr .NET packer in memory.

Suspicious use of SetThreadContext