General
-
Target
ea9f561f456f701ba4651db5d64290a7bdec93e3a6c5919c6047d171ea9d5858
-
Size
214KB
-
Sample
220520-3l6rvahbc8
-
MD5
011c0f9334f9cc1ad9033242f3e05f34
-
SHA1
ce414cee51af8440e97cb46f743b9a085a5a4259
-
SHA256
ea9f561f456f701ba4651db5d64290a7bdec93e3a6c5919c6047d171ea9d5858
-
SHA512
c1732299c65f3adbdf2158cda2bdbae32f835979b0f51c6b7de2447120eb81004c8e883fd9d05f9599648036df0aaf2f046f3cffe6b72892ceb4d45c0d892ef0
Static task
static1
Behavioral task
behavioral1
Sample
TNT SHIPPING DETAILS _PDF.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
TNT SHIPPING DETAILS _PDF.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.arrmet.in - Port:
587 - Username:
[email protected] - Password:
h)pzIy(9
Targets
-
-
Target
TNT SHIPPING DETAILS _PDF.exe
-
Size
606KB
-
MD5
f80445a3a305423f29cfb4afaf419f8d
-
SHA1
2c505737e2421b8b085b1bd7247298c16c96f6fd
-
SHA256
f89735262eafaafe7d296c51043f3e0b0b499f06f25021b4bcad470674fbbdb6
-
SHA512
351c3d4f25c2a2ffd9603bb6f8bdd409ad8d7f3d0e6b4e9915130cfd40a4466fa6ec7e9c9c3ef2bd5305b2b70aa6b3dc1e514437b146773af5369efb03d14351
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-