General
- Target: Orden econo-002064.pdf.exe
- Size: 487KB
- Sample: 211201-v4vhjahed3
- MD5: c5d0b7527ac5eddcbe405005150c33e3
- SHA1: 80858a87383ec03e3260d65c4de39ab0a1f3552e
- SHA256: f026fd83284504e70028c964b2f6ad22fc4529f35c42b00d5f85267e03f6a3c5
- SHA512: 720ab578e07df5d9c3caeeca3a072186a967dbb04e8ae8753779386e69bea42f4f0f5905f5c064025a64d42b6c20b9caa34b68fb5510c57f621cb0b706b08f55
Static task: static1
Behavioral task: behavioral1
- Sample: Orden econo-002064.pdf.exe
- Resource: win7-en-20211014
Behavioral task: behavioral2
- Sample: Orden econo-002064.pdf.exe
- Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.privateemail.com
- Port: 587
- Username: [email protected]
- Password: chinadu8744_33
Targets
- Target: Orden econo-002064.pdf.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext