General
Target: 5 - Coppdf.zip
Size: 8KB
Sample: 211109-bxk6qsbdfn
MD5: 2d04432a42b6ecda060449936228cd0a
SHA1: 8932f17d5351716a212ab881064863762adbc5fc
SHA256: 3876e223172031e9439671a3a92431f56626d4a4a086bd04e1a5af7c2531e211
SHA512: 3dc501cf0260639d92dfc9cfc3553ae66a9f96173c07fcd484283c8c48f47cf05ce01c1abc7343de271df8858c234f64b16a1e7c4bcb99b174cc79e7adc2b36c

Static task
static1

Behavioral task
behavioral1
Sample: 5 - Cop'pdf.ppam
Resource: win7-en-20211104

Behavioral task
behavioral2
Sample: 5 - Cop'pdf.ppam
Resource: win10-en-20211104

Malware Config
Targets
Target: 5 - Cop'pdf.ppam
Size: 9KB
MD5: b9d1df2b77e53cb16cf16d49fc58a389
SHA1: 781d0110c515b97e6e59a32553ffede3b348c4c7
SHA256: 7f34a31e373c251feb722cb17aba6d8f2d2cafe646a0c2cd584f75f99b526d53
SHA512: 0f7d99c2ebb24a005c6aa7a5b76fa438123639466741452f48baff058c615e583405c1ef692bf8d127a184d25956bbe7b5fe7b95e47eae94f56f0a09848c3f09

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- AgentTesla Payload
- Blocklisted process makes network request
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
- Drops startup file
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext