General
- Target: attached TT PDF.exe
- Size: 789KB
- Sample: 210727-q7xmab569x
- MD5: 891f97173c0a90ed3d336e303908b38a
- SHA1: 49a4e10a12d5aec836cc2b1cfcfce3784446929b
- SHA256: 2f25825c264a731f59bdee108cdd8fdf062501404952294c7fdbd4e46d4ccc7e
- SHA512: b5c3168d1ded6eeee2b364f9d0aa3e45f60c630d353d6d1178f84e784783def83ed9512069fdb04821150cb04344f0b2e17088033ecddb15709615bca947eed3
Static task
- static1
Behavioral tasks
- behavioral1: Sample attached TT PDF.exe, Resource win7v20210410
- behavioral2: Sample attached TT PDF.exe, Resource win10v20210410
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.esquiresweaters.com
- Port: 587
- Username: imam@esquiresweaters.com
- Password: Esquire@#2078
Targets
- attached TT PDF.exe (789KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Detections
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext