General
Target: 544425P.oINVO.pdf.gz.exe
Size: 650KB
Sample: 210727-x85jvt7n6a
MD5: 15e2bf94719a98435c1c99326541b5f0
SHA1: 29d9b053727792ce4ffb1602319b8dec811b921a
SHA256: 500c7992cee573057608d6cdb64958b16c4d6a8605be652dde71b579db731419
SHA512: bf12910c8008e91496563d532eb6e1d66e191e8370448d069cd6b279025b7a497f8f41c1b704773356c171cd358187f9c935b687615b6bee0d0b2b08e10142fa
Static task: static1
Behavioral task: behavioral1
  Sample: 544425P.oINVO.pdf.gz.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: 544425P.oINVO.pdf.gz.exe
  Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.bundabergtrophies.com.au
Port: 587
Username: memorials@bundabergtrophies.com.au
Password: KzDcikPPHW
Targets
Target: 544425P.oINVO.pdf.gz.exe (size and hashes as listed under General)
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
CustAttr .NET packer: Detects CustAttr .NET packer in memory.
Adds Run key to start application
Suspicious use of SetThreadContext