General
Target: 75f75ffb3f987ca0d9cdd37346a7abdfd09378e266c5f875d0392309b2bb4671
Size: 543KB
Sample: 220520-2x3nwsgbg3
MD5: 47e22aa1a820ef75d271583c531fc07c
SHA1: 38d0c7704050f588fc50fbb2e891e0df17a791f3
SHA256: 75f75ffb3f987ca0d9cdd37346a7abdfd09378e266c5f875d0392309b2bb4671
SHA512: ee1cc0b5505f56b141d810eab3e2751fe8b3dc963ddb61c63a039d28423ff07601759386a6d00cdc01c2b0d438abdc8c2038c7c7588e68ab35a73246c3aa70dc
Static task: static1

Behavioral task: behavioral1
Sample: MV TBN - PORT INQUIRY FOR LOADING DAP IN BULK_pdf.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: MV TBN - PORT INQUIRY FOR LOADING DAP IN BULK_pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: Godisgood101
Targets
Target: MV TBN - PORT INQUIRY FOR LOADING DAP IN BULK_pdf.exe
Size: 670KB
MD5: 2179b80a71372fc6b7c8c4e014f9928f
SHA1: 3cbf1652745da8c1ab9a77edd1c5230fd8a074ff
SHA256: e08fedcdcfc38684de2868ee177397876a60e28f6cbaf54f6eeb31c5280b0901
SHA512: 20e48a490a77273f2f55f43540a2bcecbdd73f69e4f5bbd709861ae1aa2b94a8cfaf7b9053687a7e9583377f53d82416d2b933ff62389153ee99dd2468b932a5
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext