General
Target: Pago Transferencia.pdf.exe
Size: 489KB
Sample: 211125-tjhgssffhl
MD5: 02bf0fc6d6fdc5aa692f136da966b62c
SHA1: 7ab36a1ea547408e9254428887b3a41a83e2c849
SHA256: 49121cf42d9ee0f820e76416c3bd0ea7f69036fde442ca8ad2a69737c50ac97e
SHA512: 2984aa3dbfbba599e3972831646f58015230268cd5ad2a468e0194804ab5132219a256efbfddfd2d3ee78b29b4dad0b8b67b79ec38bfba9919b3941e0dd4cd23
Static task: static1
Behavioral task: behavioral1
  Sample: Pago Transferencia.pdf.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: Pago Transferencia.pdf.exe
  Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.bhgautopartes.com
Port: 587
Username: ugo@bhgautopartes.com
Password: icui4cu2@@
Targets
Target: Pago Transferencia.pdf.exe
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext