General
Target: 184285013-044310-sanlccjavap0003-7069_pdf (2).exe
Size: 676KB
Sample: 210728-zzy6d5bkwa
MD5: 075ed58f01d9d87c0838fa73534187c5
SHA1: 84baf0c318d1e8a22b02b9f3ce313fae44350747
SHA256: fc5ed0a66d1dc9b980a9c09c563979d48c840963569ccb81eb5972beed07c2b8
SHA512: 1ba2c1285d1ab807453cbb4915d03d675f14994420f0cc9d1fed98356ad4fe93df009005d6c6156b9a5abb1f2d3eaa51cc41980d3c98208c2e5454f9dc514663
Static task: static1
Behavioral task: behavioral1
  Sample: 184285013-044310-sanlccjavap0003-7069_pdf (2).exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: 184285013-044310-sanlccjavap0003-7069_pdf (2).exe
  Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.tccinfaes.com
Port: 587
Username: [email protected]
Password: transportes
Targets
Target: 184285013-044310-sanlccjavap0003-7069_pdf (2).exe
Score: 10/10
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla payload
CustAttr .NET packer: detects the CustAttr .NET packer in memory.
Suspicious use of SetThreadContext