General
- Target: PDA.exe
- Size: 963KB
- Sample: 211025-pv7tlsgbd9
- MD5: 378d5f97d0e28d2ead7fed9dc4abb798
- SHA1: 72370ce75aaf466bc048e00a108ecb8126ffc80b
- SHA256: 780de7b808b5dba8e6ef57a82e264dcbbbdc2f63de3ef6683c8627bd177c5103
- SHA512: 0bceb95865026c1d9d8fe0df72760acbaf5c5729f11652cd9c8469076f07264545fe08519c45a2d020b99e5ddb2a43fff8a3e04e51bfb7bc0d055d79b415afa4
Static task
- static1
Behavioral task
- behavioral1 (Sample: PDA.exe, Resource: win7-en-20210920)
Behavioral task
- behavioral2 (Sample: PDA.exe, Resource: win10-en-20211014)
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: webmail.fllid.com
- Port: 587
- Username: [email protected]
- Password: ImbangFll
Targets
- Target: PDA.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext