General
-
Target
INV 08800290418 pdf.exe
-
Size
416KB
-
Sample
211019-myz7tsgfaq
-
MD5
65b5de7cde2733050661417938979e09
-
SHA1
4d69a5ad1f1e5191ca66155c09925957c3c5dda7
-
SHA256
1a4303aab126cc29cb12fbce8ae802898733bf4b08d531a3ae09994b22f5540d
-
SHA512
85b91edabcd805b18e3f7ac86a10425f50b6f37ab89c735e71b5d253e28c7a255f76d74fcb83c0d79d9b7ca08154d40270e0a5ec13c12bc72e77d9851a45ba73
Static task
static1
Behavioral task
behavioral1
Sample
INV 08800290418 pdf.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
INV 08800290418 pdf.exe
Resource
win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: C%)%GWZe9
Targets
-
Target
INV 08800290418 pdf.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-