General
Target: Waybilldoc_220950655.pdf.exe
Size: 465KB
Sample: 211202-xxrjeaedf3
MD5: 717a4adeeaf2cc5ccccc944accb3b2fd
SHA1: 834b3549011ac52fa34c2299b8194087f6a695e8
SHA256: 52ffc0a75a42165e68bc35efc7b9bdd4069c7f5d4054c040737cfc87ae158da8
SHA512: a6f52d450d198458a85f01a9b6a0a14aa8356cb68bec713474efd1935f686b9c4fc68eb0dd43fd978bbee17650ef8688e46759d30c11f50ec2c15dd5584b40ea
Static task: static1
Behavioral task: behavioral1
Sample: Waybilldoc_220950655.pdf.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: Waybilldoc_220950655.pdf.exe
Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.bhgautopartes.com
Port: 587
Username: ugo@bhgautopartes.com
Password: icui4cu2@@
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext