General
Target: Operational Instructions BSC BBC.pdf.exe
Size: 1.1MB
Sample: 210915-hzdm1adbbk
MD5: 636ca0dbbfd6a5c2915781a46d5db5e0
SHA1: 16a0e21f57cc447b8024999bbd67553c2ffb5e6e
SHA256: 79ff327848f9254764561866a5b26ed55aa24453aea69b1f42dbcad5ac140b00
SHA512: fac6d0431ed20e56b7ae7d98342fe58bcc215bbccb5cd39c76585b95827c0216ce84e85c55e0055c16c8b901d6a6ceaf75780ea253daf3fd74f07d9840bbc086
Static task: static1
Behavioral task: behavioral1
Sample: Operational Instructions BSC BBC.pdf.exe
Resource: win7-en
Behavioral task: behavioral2
Sample: Operational Instructions BSC BBC.pdf.exe
Resource: win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.boydsteamships.com
Port: 587
Username: csanchez@boydsteamships.com
Password: co*tNjEBt4
Targets
Target: Operational Instructions BSC BBC.pdf.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Nirsoft
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext