General
Target: 3278-pdf.exe
Size: 34KB
Sample: 210728-2gavd9rcgs
MD5: 19116e822e8178fc103e51fe18c825a4
SHA1: f590a8f1b2f337864b166d8ce53a53e77089135b
SHA256: b9cb59244ae380b87c41822802fe472bbab263e701339ce83a3d3896fbbda8d2
SHA512: 3eff84d1dd5fd3fb162e25d2e8d7f3ccb12d408ec3cf18c9e644ca3a8b87b5a29e9c0a0726f929efb890fe8c9cff3a89709dc3f32a047ae1eda18296bd20c271
Static task: static1
Behavioral task: behavioral1
  Sample: 3278-pdf.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: 3278-pdf.exe
  Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.pss.net.pk
Port: 587
Username: [email protected]
Password: AnisAhmed1980
Targets
Target: 3278-pdf.exe
Size: 34KB
MD5: 19116e822e8178fc103e51fe18c825a4
SHA1: f590a8f1b2f337864b166d8ce53a53e77089135b
SHA256: b9cb59244ae380b87c41822802fe472bbab263e701339ce83a3d3896fbbda8d2
SHA512: 3eff84d1dd5fd3fb162e25d2e8d7f3ccb12d408ec3cf18c9e644ca3a8b87b5a29e9c0a0726f929efb890fe8c9cff3a89709dc3f32a047ae1eda18296bd20c271
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- suricata: ET MALWARE DTLoader Binary Request M2
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext