General
Target: Purchase_Inquiry_pdf.exe
Size: 552KB
Sample: 210915-hzdm1aaag2
MD5: 5fc50cecdc7da2761f4ccce4b2c1362f
SHA1: 536420b712568d288112f7f38c4e79792be0c107
SHA256: 107c8bfec5d8a4e23c429692da4204025bb77fe71ff6b56a6804f5f19dc820c1
SHA512: d0e3660d667eeeb800d305516be5fab496e9ea8aaccb271867c4de41a74298b2031424dbc5aca211aa4f30f9e739923dfa9cd124ea8392f174588d6358aefce0
Static task: static1
Behavioral task: behavioral1
  Sample: Purchase_Inquiry_pdf.exe
  Resource: win7-en
Behavioral task: behavioral2
  Sample: Purchase_Inquiry_pdf.exe
  Resource: win10-en
Malware Config
Extracted: agenttesla
URL: http://bot.statusupdate.one/webpanel-charles/mawa/e22cc3544e8953ec6191.php
Targets
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Suspicious use of SetThreadContext