General
-
Target
d736f11309a33f0c955e471e591011bcad6000f15f23918edcdf4646ef481d15
-
Size
443KB
-
Sample
220520-3qhwksccar
-
MD5
45f5f8e30e82bea41abf6ff80b92e805
-
SHA1
46f7d930bf0f5fafa1c016cd555865c24a6c1bf5
-
SHA256
d736f11309a33f0c955e471e591011bcad6000f15f23918edcdf4646ef481d15
-
SHA512
0694c6f092f5d522c0a8955abe10a3515722b572377ddf45dbe03af91eaf2b2402554e0c25b67a35cc5de56a1238ae4cd97e342d294c133aaa70a1274434223d
Static task
static1
Behavioral task
behavioral1
Sample
AWB & Invoice.pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
AWB & Invoice.pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
sOeKk#E6
Targets
-
-
Target
AWB & Invoice.pdf.exe
-
Size
550KB
-
MD5
fd3929d44d2bae2bee381c93da6afab5
-
SHA1
cd715fc9f66e660f7e5d473a0b4cad2972a6022d
-
SHA256
4237e2a449cd82e58728a1fbaa1fe942a2f8f757475fbc0262324294b4636ea2
-
SHA512
8e975de340c4f9669f02edeef976f4562dee156bafaaa6818226ff30a9e14b4345f9ee321aabd4e75e4c83862a09be1d867665445afff27b7858500cd220a543
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-