General
- Target: aadc7a8cdcd35f536e33f5ec7607d61a5f8bba74ce1a3872bf7275bbc8620e09
- Size: 478KB
- Sample: 220520-31te3ahhb2
- MD5: b5d427538819c371477697664e1b1a97
- SHA1: ab6e85e0134ea903c8efe30d125d8c9c9ee0e0f3
- SHA256: aadc7a8cdcd35f536e33f5ec7607d61a5f8bba74ce1a3872bf7275bbc8620e09
- SHA512: 859a05d84b62501c5bdd52a3c604690a8a5e0daba77fbb0e2bd47ad21633578102a242f9aac2cbacf4a0b5ec98212a99d4544b90d4c626ffbb51ad4ded2e345c
Static task
- static1
Behavioral task
- behavioral1
- Sample: PDF.exe
- Resource: win7-20220414-en
Behavioral task
- behavioral2
- Sample: PDF.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.winhalltech.com
- Port: 587
- Username: [email protected]
- Password: Hafizzul*010218
Targets
- Target: PDF.exe
- Size: 626KB
- MD5: 7fe286bbea38d0c243ed3ae817fdfa4d
- SHA1: 687f63607fdfd7069b75884fe7d482031a4256f1
- SHA256: a6119bf5630539f2332991489428101c2e05599927576d5ce8ba4a86fd16f018
- SHA512: 3d018551a1b63616b6af09a63fecf494ab3bc5f1eeca6d085e042dd92a597b44d622a455df30477436bf62062beabc3e71d014c84c8a5f26299e0dc149f0c19f
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext