General
Target: ef2471abd3df40eb740829f5e77d1ed5b03084288b87ab381828345b0ca5bdbe
Size: 516KB
Sample: 220520-159lqsefg8
MD5: 8c238d7772472b739c4fcc16eee59b52
SHA1: 314a991d883843beb119112d581b0b8725f03520
SHA256: ef2471abd3df40eb740829f5e77d1ed5b03084288b87ab381828345b0ca5bdbe
SHA512: f1859935204ec0403c4fcfb74c191cf4738ca78499c08f57db16dd65eeaae3d05dbb867fcc1fae7933e45cb4e6ff9a9e0b85fd392b59700c4f272f19d5d8614d
Static task: static1
Behavioral task: behavioral1
Sample: PO-SER-PL-M17220.Pdf_____.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PO-SER-PL-M17220.Pdf_____.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp - Host: smtp.yandex.com - Port: 587 - Username: [email protected] - Password: opjis0123
Targets
Target: PO-SER-PL-M17220.Pdf_____.exe
Size: 543KB
MD5: 0df52a14762922d0cda8cd8e5a26aa9f
SHA1: de55f7ee3187086acbf4ce7969080847eae81b9f
SHA256: 40320b0e68eab85d1bedae171c4f0bbafd5bb19059038121247229c2186a66ec
SHA512: 30adce433eb9ec4402f4b3871ca6b1176028404667789969e5bfdabf3c71acf793a194a3f8963acfeb429afa9c0bd5f0a5b5e7e06609e1b6bd1a952da765fe82
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext