General
Target: ee7e6fa7566ab7b78ca06dfe30157041da2ecbf261bf5863389b2d2ffc8bfbd6
Size: 542KB
Sample: 220520-16atsshhaj
MD5: 2d79ef939967549dbde7fbac2788a675
SHA1: f5abc752b5e1a58809d34f20c84e6ac487fe542a
SHA256: ee7e6fa7566ab7b78ca06dfe30157041da2ecbf261bf5863389b2d2ffc8bfbd6
SHA512: 5d0be0e78fea32f62f9297c9ceb102c1c427f144e64d7aedffd4f0e6ad8e26f2f73a9f872f6cd25556d2bf0bcef5456f1b04b8072ea6a999c82a1c003d3edb3c
Static task: static1
Behavioral task: behavioral1
Sample: QUOTE B1018364.pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: QUOTE B1018364.pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: H(FPf]j;OgNA
Targets
Target: QUOTE B1018364.pdf.exe
Size: 575KB
MD5: 05352f6976f6aa5740d2d502022c00b2
SHA1: f15ff63912bbbacb4454d58a12f08240f971b974
SHA256: 4b6a3f081e8c3446ceda38794bf4922dff17d04cd79759b4bd543b0c5df7a4a3
SHA512: c5c3b99a16aecbba08adf4ea92bbeeb61e25263af46c6a1362740e3459b37683b04411813e8f51cb20a4e27d7a428f43456a46bf0d4bda9a5f3ed52ce0afb230
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext