General
- Target: 9bf075b3f65175577943cc58e356164094b5c8ca8715aca2aea0f1ebec15ae40
- Size: 705KB
- Sample: 220520-2srqtsahhm
- MD5: 6136b2442949fbe1c3bbdc0b7a52d3fa
- SHA1: d7d86a9447f88b043d036acfeadb28f8cee430ba
- SHA256: 9bf075b3f65175577943cc58e356164094b5c8ca8715aca2aea0f1ebec15ae40
- SHA512: 90e58e784ad8ad24ad7c4b1d24f30fd2184ff889628f3f2e80d37001e2e6d0bc78b4da88f9c7e39857f70bf3c15443fd4a0016c38e19372627ec9d15b80e11bc
Static task: static1
Behavioral task: behavioral1
- Sample: 167647227-54134-sdfnt4-2.pdf.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 167647227-54134-sdfnt4-2.pdf.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.yandex.ru
- Port: 587
- Username: [email protected]
- Password: sogood12
Targets
- Target: 167647227-54134-sdfnt4-2.pdf.exe
- Size: 821KB
- MD5: 249daa1c11b1c6f8e7097555a94bd56a
- SHA1: dcf0851a7816647a9f4d985741cc9a526ec434b0
- SHA256: 20e0f8561c714292edd786c9d77983c8777d8d5740758e43c08ab899e5c00023
- SHA512: ccef8b1689026ea45202dba270371728e8eb85396493caf08ec5f71c78038839e858a37f6aa9854f8577dab1e76a84f9df87e9db21c777d0cb31c61d45b6ac08
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext