General
-
Target
1111110.pdf.exe
-
Size
732KB
-
Sample
211022-xa7l4schbl
-
MD5
96ba365981ceab9b90a1bdf5edeb0667
-
SHA1
723a587b705efc8b626906f72a0cd3931b9b24d7
-
SHA256
a6d4d40ed4005906347b782bf9b5625b9ac4adf0b2728b695e86f0e4c7cdf4c1
-
SHA512
48c2d7a09053d6a261dc32c57193aedef363c8e99ac7b2f1fc68d02d78b73de2f0108aef5a00fe4903312ebb77a34eaf4adaf4d650a4e8ac73736241924d3d61
Static task
static1
Behavioral task
behavioral1
Sample
1111110.pdf.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
1111110.pdf.exe
Resource
win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
logs@chinadulokislogs.xyz - Password:
CHINADUA@#asx122
Targets
-
-
Target
1111110.pdf.exe
-
Size
732KB
-
MD5
96ba365981ceab9b90a1bdf5edeb0667
-
SHA1
723a587b705efc8b626906f72a0cd3931b9b24d7
-
SHA256
a6d4d40ed4005906347b782bf9b5625b9ac4adf0b2728b695e86f0e4c7cdf4c1
-
SHA512
48c2d7a09053d6a261dc32c57193aedef363c8e99ac7b2f1fc68d02d78b73de2f0108aef5a00fe4903312ebb77a34eaf4adaf4d650a4e8ac73736241924d3d61
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-