General
Target: a34172bdf8e69968914d8d12ec8403e8d08c8a080a7193fb78a74e23c8aca8e9
Size: 370KB
Sample: 220520-3b14lsbefr
MD5: 468048cb3b9eb4b74f5d055f17eed0de
SHA1: 7b15807638fd561691d516a79a10e16ccdc7f640
SHA256: a34172bdf8e69968914d8d12ec8403e8d08c8a080a7193fb78a74e23c8aca8e9
SHA512: 9e567cf723469b58b95c42ff75334a2c21f61de1152070f3ac5a749fce76fbd36baf7e01fd969ea0e9b69c059afb7578cd209fd3d22ad1beceaead9bd9aef076
Static task: static1
Behavioral task: behavioral1
Sample: Purchase order - OUR PO NO. 26107 - 26118.pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Purchase order - OUR PO NO. 26107 - 26118.pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: Loverboy123
Targets
Target: Purchase order - OUR PO NO. 26107 - 26118.pdf.exe
Size: 437KB
MD5: 79beaf628d291f7318d798335ea15066
SHA1: 434b3eadddebc887c01a3cce8c58380d08347ed0
SHA256: 7c6daca6a52996bc0826de8ca299e32b7d95be0e19df0b14149cd8aad22e366c
SHA512: 08f8d30bd82ea3b6a1f7f4e8795c021ee2516c7f300ebc2fc4d13c7731a3690c665614d1596656cab3689f712663be8df617ba4697efa8e460fb481d49493be3
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext