General
Target: 3278-pdf.gz
Size: 14KB
Sample: 210728-qfzpt63r2e
MD5: 22c1734267461f9ac3a45a927419330b
SHA1: d512ddf6346c6ef110c3451ab39cae672d4fb87e
SHA256: 90e4af23894afb6b2fc86d8906faa27ded6b63ec2d849d8cb2e4d32d2306aac6
SHA512: aa84960aa928d68590c7712e103db656a2d320bbc7ab25851b6ce92751a845f15cc677e7195611be38b75379760cb614aa3046b82a00884e5889e9a624d44b3d
Static task: static1
Behavioral task: behavioral1
  Sample: 3278-pdf.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: 3278-pdf.exe
  Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.pss.net.pk
Port: 587
Username: [email protected]
Password: AnisAhmed1980
Targets
Target: 3278-pdf.exe
Size: 34KB
MD5: 19116e822e8178fc103e51fe18c825a4
SHA1: f590a8f1b2f337864b166d8ce53a53e77089135b
SHA256: b9cb59244ae380b87c41822802fe472bbab263e701339ce83a3d3896fbbda8d2
SHA512: 3eff84d1dd5fd3fb162e25d2e8d7f3ccb12d408ec3cf18c9e644ca3a8b87b5a29e9c0a0726f929efb890fe8c9cff3a89709dc3f32a047ae1eda18296bd20c271
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- suricata: ET MALWARE DTLoader Binary Request M2
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext