General
Target: Moresco - Inquiry MEI-120321,pdf.exe
Size: 582KB
Sample: 211203-gtrf8sfabl
MD5: 2ab46d1525daffd612d37d8ad4e917cf
SHA1: 3450df35398dece6ad6eec2dc0a1cee490ef985d
SHA256: a666487c031511c40d0113b6cc8663f4f73059e5416a2c51e81f9c21b88d1daf
SHA512: e99f9a65b2e06eed345c8de87cda801368b177c535c492d2b8541d1a434262b9ac8a71b922214fbfb89352241b7d0b17523c2bb3f198eb64689990965e7c544e
Static task: static1
Behavioral task: behavioral1
Sample: Moresco - Inquiry MEI-120321,pdf.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: Moresco - Inquiry MEI-120321,pdf.exe
Resource: win10-en-20211104
Malware Config
Extracted
agenttesla
https://www.mgbless.in/darl/inc/7f9a17962eddfd.php
Targets
Target
Moresco - Inquiry MEI-120321,pdf.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext