General
Target: RO10 CDO#384573-pdf.gz
Size: 12KB
Sample: 211025-g127bafff6
MD5: c23d06e5fb1ea39cdb5cc1f618779565
SHA1: fffb8274f2a46086b83ada3ea46b6ab662f5aae5
SHA256: 36c27972ece83744057ddd0ae2a7683506689cbdd1e5c4c02fd8b84eabe0be12
SHA512: 6a2dc521c5d8fbdff5ef1c41553ef770937610f6b31afeb9128678bd7f1c07964eb18c8900038b31898b5ed65e105a8c71225b8ac7e7f721b8d8c0e855fd9bf7
Static task
static1

Behavioral task
behavioral1
Sample: RO10 CDO#384573-pdf.exe
Resource: win7-en-20210920

Behavioral task
behavioral2
Sample: RO10 CDO#384573-pdf.exe
Resource: win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.fclbd.com
Port: 587
Username: ctg@fclbd.com
Password: abc@123@
Targets
Target: RO10 CDO#384573-pdf.exe
Size: 27KB
MD5: e767b4d87898a75cc0d0e031e29b7284
SHA1: 25904e769d89aa44780a4b10153744d2fa533ec6
SHA256: 119d1a20d3e248a55981b6798bfd80191217e143feaa1e2774e4cb813bfbe6bf
SHA512: fdbf41860bf490ce060575914c174f1aa19d4e0d97bb0415250d5046c77e632babcdd8a2634c81650db68c8053647bdf09b68e181516c5df99dd7ebaa81fdc1b
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext