General
Target: 48d248c1e85e72722a1985b3e924537b89073d85ec64741156f1cf056657a0f4
Size: 578KB
Sample: 220520-3fdh4sbgbj
MD5: 5e86ad1b12321ed3d94515c9ed31979c
SHA1: d47a05b0f56b470a3f325743d0ab6ed0cec69c78
SHA256: 48d248c1e85e72722a1985b3e924537b89073d85ec64741156f1cf056657a0f4
SHA512: 83b056c1c71c151d25d831ee0247b2ba80e43192cfa5b23d013d459edb15874334aff6f12f78ee9506cb361fbda36a3ec2b8d3e01b5fc26c6c8bd8bee1f9c740
Static task: static1
Behavioral task: behavioral1
Sample: Proforma Invoice.pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Proforma Invoice.pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: kingmoney12345
Targets
Target: Proforma Invoice.pdf.exe
Size: 895KB
MD5: 1a250202823dc2918d29aa7382e57cc0
SHA1: 0fc67becff90b1c320cef1517dc27533e688f908
SHA256: cfadd7df7cc82715d61fdab7c61ccda630542c6d4e860cfc87bebde2ad0e4cc1
SHA512: 1b5680f86683247fd295f90ee36a1718d3ab10b71c0f80077eaa72693fdbd25b5dad508992a06318e1d3ba7a889616c6cb9cc7e67d5e240f6fff7acb6f3f5142
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext