General
- Target: KAF-PR-21-F-3089_pdf.exe
- Size: 544KB
- Sample: 210915-hqehyaaac9
- MD5: b5fdcd6723e679c54a5f8652c59bc52a
- SHA1: fc83546ee73bea22ea563b9644700abef62d0ef2
- SHA256: 245e18b14a6b231f2a89b812dace828478aa24419d600e2ac8c7acd989320e1a
- SHA512: 788e6a270a1c05dad9bb322224ea62d6615828ab744e24879c363858ec68b8dddc83ecb0b4f99f39e594625b4effb26499d4fd07d11188ec6fb558fba93fb4a3
Static task: static1
Behavioral task: behavioral1
- Sample: KAF-PR-21-F-3089_pdf.exe
- Resource: win7-en
Behavioral task: behavioral2
- Sample: KAF-PR-21-F-3089_pdf.exe
- Resource: win10v20210408
Malware Config
Extracted family: agenttesla
- Protocol: smtp
- Host: mail.fclbd.com
- Port: 587
- Username: ctg@fclbd.com
- Password: abc@123@
Targets
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext