General
Target: f1b3c6cfecb62010f8cd4cb100a760865d244ee9bdf92d849f2561d2cd36882b
Size: 268KB
Sample: 220121-2t1ecsbhb5
MD5: 0a5e9a75afeaf40c2ae3cbef91fe10af
SHA1: 475f086deb0d86a384852e03a46394f267326771
SHA256: f1b3c6cfecb62010f8cd4cb100a760865d244ee9bdf92d849f2561d2cd36882b
SHA512: b2f0a0f22092318b372f73d015c1fd2e7251c04f97c3bee292716de2c99d09fd1fa09f7688a793cebc6602fd13ec8bbd1ad8b4f658ee0c94c0caff61f5261e8b
Static task: static1
Behavioral task: behavioral1
  Sample: KINETRICS-INV AND CONTRACT OFFER_Pdf.js
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: KINETRICS-INV AND CONTRACT OFFER_Pdf.js
  Resource: win10-en-20211208
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.zolvtek.com
Port: 587
Username: [email protected]
Password: susan1234
Targets
Target: KINETRICS-INV AND CONTRACT OFFER_Pdf.js
Size: 618KB
MD5: fc044ff2b1cbc1f3135d32f872feb918
SHA1: cd27200ed74b3bf66450f5dbebe39e76b906c006
SHA256: ab50b83463c8797644dbf07441650e06510b9d3aa70478e218dd0a1116c5001f
SHA512: a64da0d189fb7ea4a821cb892736f0e88e22a56eabcb02439e89512378755110405c2f792f20c5357cde783286ad0b7660c2166a0cc1a513ba8c0d539783aa84
- AgentTesla: Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; the extracted configuration above shows this sample set up to exfiltrate harvested data over SMTP to mail.zolvtek.com on port 587 using a hard-coded mailbox.
- WSHRAT Payload
- AgentTesla Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Drops startup file
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
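The behaviors listed above (a script host making network requests, a startup-folder drop, a Run key, Outlook profile access, an external IP lookup, and SMTP traffic to the extracted host and port) map onto checks a responder can run over host telemetry. The following is an added example, not part of the sandbox report or any tool it names: it replays constructed, Sysmon-style events through one check per listed behavior. The exfiltration host and port are copied from the report's extracted config; the event schema, the IP-lookup host names, the Outlook registry path fragment and the dropped executable's file name are assumptions made for the illustration.

```python
"""Triage helper for the behaviors in the sandbox report (added example).

Nothing here is captured data: every event below is constructed. Only
EXFIL_HOST and EXFIL_PORT come from the report's extracted AgentTesla config.
"""

EXFIL_HOST = "mail.zolvtek.com"   # from the report's extracted config
EXFIL_PORT = 587                  # from the report's extracted config

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
RUN_KEY_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")
STARTUP_DIR_MARKER = "\\start menu\\programs\\startup\\"
OUTLOOK_PROFILE_MARKER = "\\outlook\\profiles\\"          # assumed key fragment
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org"}  # assumed examples

# Constructed telemetry; the dropped EXE name "payload.exe" is hypothetical.
CONSTRUCTED_EVENTS = [
    {"type": "process", "image": "wscript.exe",
     "cmdline": 'wscript.exe "C:\\Users\\u\\Downloads\\KINETRICS-INV AND CONTRACT OFFER_Pdf.js"'},
    {"type": "network", "image": "wscript.exe",
     "dst_host": "api.ipify.org", "dst_port": 443},
    {"type": "file", "image": "wscript.exe",
     "path": "C:\\Users\\u\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\invoice.js"},
    {"type": "registry", "image": "wscript.exe",
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\invoice",
     "value": "wscript.exe C:\\Users\\u\\AppData\\Roaming\\invoice.js"},
    {"type": "registry", "image": "payload.exe",
     "key": "HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook"},
    {"type": "network", "image": "payload.exe",
     "dst_host": "mail.zolvtek.com", "dst_port": 587},
]


def triage(events):
    """Return the sorted list of behavior tags the events trigger."""
    tags = set()
    for ev in events:
        image = ev.get("image", "").lower()
        kind = ev.get("type")
        if kind == "network":
            host = ev.get("dst_host", "").lower()
            port = ev.get("dst_port")
            if image in SCRIPT_HOSTS:
                # "Blocklisted process makes network request"
                tags.add("script_host_network_request")
            if host in IP_LOOKUP_HOSTS:
                # "Looks up external IP address via web service"
                tags.add("external_ip_lookup")
            if host == EXFIL_HOST and port == EXFIL_PORT:
                # Exact match on the extracted SMTP exfiltration endpoint
                tags.add("c2_smtp_exfil_match")
            elif port == EXFIL_PORT and image not in MAIL_CLIENTS:
                # Generic: SMTP submission from something that is not a mail client
                tags.add("smtp_submission_from_non_mail_client")
        elif kind == "registry":
            key = ev.get("key", "").lower()
            if any(m in key for m in RUN_KEY_MARKERS):
                # "Adds Run key to start application"
                tags.add("run_key_persistence")
            if OUTLOOK_PROFILE_MARKER in key and image not in MAIL_CLIENTS:
                # "Accesses Microsoft Outlook profiles" by a non-Outlook process
                tags.add("outlook_profile_access")
        elif kind == "file":
            if STARTUP_DIR_MARKER in ev.get("path", "").lower():
                # "Drops startup file"
                tags.add("startup_file_drop")
        elif kind == "process":
            cmd = ev.get("cmdline", "").lower().rstrip('"')
            if image in SCRIPT_HOSTS and cmd.endswith(".js"):
                # Script host launched with a .js file, the delivery seen here
                tags.add("script_host_launches_js")
    return sorted(tags)


if __name__ == "__main__":
    for tag in triage(CONSTRUCTED_EVENTS):
        print(tag)
```

The exact-match check on mail.zolvtek.com:587 is the narrow indicator for this sample; the generic "SMTP submission from a non-mail client" branch is the one worth keeping once the infrastructure rotates, since Agent Tesla builds routinely change the mailbox but not the exfiltration method.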