General
Target: documentos_fedex.pdf_________________________________________.tar
Size: 394KB
Sample: 211020-vlt42sacbr
MD5: fe9dced10915583ee953a43f2b26e6a5
SHA1: cbe5e00857e63ee8f7ed54ec21c2fbd19e946fac
SHA256: f687975fb9022c3f4733cec0cb3e5bbdd9549f3bcc8d471da11bbdf6a7cf8710
SHA512: 8b0359861f889bf7cc960243738ae6bc6162f187d9d1b99f7576617510197d7565a86f3c0ad765242bff7d85de4bc1f48cd63e53bc00530009bdff65ac7ae7a4
Static task: static1
Behavioral task: behavioral1
Sample: documentos_fedex.pdf_________________________________________.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: documentos_fedex.pdf_________________________________________.exe
Resource: win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.mudanzasdistintas.com.ar
Port: 587
Username: droid@mudanzasdistintas.com.ar
Password: icui4cu2@@
Targets
Target: documentos_fedex.pdf_________________________________________.exe
Size: 54.0MB
MD5: 137d8696133709b5a740d6bd161ea9ff
SHA1: 6fc929b046b6826e488a3c62c9d40e60fca392cd
SHA256: 91938e21d8c32e2a00cda0b33d06ea197a7291ec33c9834f3220fb714bef2d98
SHA512: d891e6e192050615478cb8aa1c08dcd082cb9562229b20fa29f506519734975fff81df42f6915abb3c14260e2813227e11f2320dc6b250a44a7c650802874beb
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext