General
Target: c5e590e0220a03eac1b1533badab7c8b42fde3ca50792bc23aeba5b7c052a928
Size: 441KB
Sample: 220520-288z2sbdek
MD5: 61b4a4b7c9bafa08feadc5c4f261cebd
SHA1: b2c534a406af4114bea54d053888e351be48b0a7
SHA256: c5e590e0220a03eac1b1533badab7c8b42fde3ca50792bc23aeba5b7c052a928
SHA512: 2aa47eb2275740e2e30055f0eb027f74f88c39480a194049ad6b467994a994e2b52e605fe6e9b656c42cd3876dc0f08828c507ed9cfc1b3dea2f9f7bbaff5149
Static task: static1
Behavioral task: behavioral1
Sample: David Order List & Images_pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: David Order List & Images_pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.negxen.eu
Port: 587
Username: [email protected]
Password: z$:f45umUA+f
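The extracted configuration above is the sample's exfiltration channel: stolen data is mailed out over SMTP submission (port 587) through smtp.negxen.eu using the attacker's own mailbox credentials. The following is an added example, not part of the sandbox report, that turns that host and port into network indicators and runs them over a few constructed firewall-style log lines. The log line layout, the source IPs and the other hostnames in the sample lines are assumptions made for the demonstration; only the host, port and protocol come from the report.

```python
"""
Added example (not part of the sandbox report): build network indicators from
the extracted AgentTesla SMTP config and scan constructed log lines for them.
"""
import re
from dataclasses import dataclass

# Values taken from the report's "Malware Config" section.
EXFIL_HOST = "smtp.negxen.eu"
EXFIL_PORT = 587
EXFIL_PROTOCOL = "smtp"


@dataclass(frozen=True)
class Hit:
    line_no: int
    src: str
    dst_host: str
    dst_port: int
    reason: str


# Assumed log line layout (constructed for this example, not a real product format):
#   <timestamp> <src_ip> -> <dst_host_or_ip>:<dst_port> <proto>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>[^:\s]+):(?P<port>\d+)\s+(?P<proto>\w+)$"
)


def indicators_from_config(host: str, port: int, protocol: str) -> dict:
    """Indicator set a responder would block or alert on for this sample."""
    return {
        "hosts": {host.lower()},
        "ports": {port},
        "protocols": {protocol.lower()},
    }


def scan(lines, ind):
    """Return a high-confidence Hit for each line reaching the known exfil host,
    and a lower-confidence Hit for any other outbound SMTP submission traffic
    (endpoints normally have no reason to talk to port 587 directly)."""
    hits = []
    for n, raw in enumerate(lines, start=1):
        m = LOG_RE.match(raw.strip())
        if not m:
            continue  # unparsable line: skip rather than abort the whole scan
        dst, port = m["dst"].lower(), int(m["port"])
        if dst in ind["hosts"]:
            hits.append(Hit(n, m["src"], dst, port, "known AgentTesla exfil host"))
        elif port in ind["ports"] and m["proto"].lower() in ind["protocols"]:
            hits.append(Hit(n, m["src"], dst, port, "outbound SMTP submission from endpoint"))
    return hits


# Constructed sample log; hostnames other than the exfil host are placeholders.
SAMPLE_LOG = [
    "2022-05-20T10:01:02Z 10.0.0.15 -> update.example.org:443 https",
    "2022-05-20T10:01:09Z 10.0.0.15 -> SMTP.negxen.eu:587 smtp",
    "2022-05-20T10:02:00Z 10.0.0.22 -> mail.example.org:587 smtp",
    "garbage line that does not parse",
]


def demo():
    return scan(SAMPLE_LOG, indicators_from_config(EXFIL_HOST, EXFIL_PORT, EXFIL_PROTOCOL))


if __name__ == "__main__":
    for h in demo():
        print(f"line {h.line_no}: {h.src} -> {h.dst_host}:{h.dst_port} ({h.reason})")
```

Matching on the host is case-insensitive because DNS names in logs are not normalised consistently; the second rule is deliberately broad and is meant as a triage hint, not a blocking rule. The extracted mailbox password belongs to the attacker's infrastructure and should be treated as an indicator to report to the provider, never reused to log in.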
Targets
Target: David Order List & Images_pdf.exe
Size: 670KB
MD5: 2b7ab41056052dbec66110b1b83a5c29
SHA1: 54641338fcbd0845fe612d8b7891813d0d80748b
SHA256: 0529890413f7f952eb1b6a073369119f1f8f5c1b7e0a9611e721bd695975d0fa
SHA512: 2a099c192fb550a9b278829f96dcd9bd3194966c4b6f0cc87273411e08b971d897291ff5d70c730b7f4c1aaac7087a7e3b022dc3722942d0744ee8fd4ee4e7cd
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (Visual Basic .NET).
AgentTesla Payload: the Agent Tesla payload was identified in this sample.
Accesses Microsoft Outlook profiles: the sample reads Outlook profile data, consistent with Agent Tesla harvesting stored mail-client credentials.
Suspicious use of SetThreadContext: the sample sets the thread context of another thread, which is how a loader redirects execution into code it has written into a (typically suspended) process; this pattern is commonly seen when a .NET loader unpacks and injects its payload rather than running it from the original executable.