General
-
Target
cad144eefaf528cbbc2fa53039771d327f71aac6749c06ad815399a878fc3dcd
-
Size
446KB
-
Sample
220520-3tbxfaheb7
-
MD5
1c5a9356300ef2b505d2c9fed27d3f53
-
SHA1
0736bde36b4ae439d24bf9ea261a204a23698891
-
SHA256
cad144eefaf528cbbc2fa53039771d327f71aac6749c06ad815399a878fc3dcd
-
SHA512
1e3ec7508c1294f142dfc405d41c0378d40e593bb8ed6cf7951592c51b28c3b7d00e0271c30a1b818793646f6d01f08df5ab447f857a954b8d2c2dc8efa8faf8
Static task
static1
Behavioral task
behavioral1
Sample
NEW ORDER INQUIRY-002692020.pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
NEW ORDER INQUIRY-002692020.pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
sOeKk#E6
Targets
-
-
Target
NEW ORDER INQUIRY-002692020.pdf.exe
-
Size
564KB
-
MD5
1f943e3d2d9d9e2bd4f44497764b8bcb
-
SHA1
e52c0f0a003dd221a1cd0592767133044828835a
-
SHA256
1382fdb29bab4fdfecdead8eb5d85d022a16d4f0286513b226745d890a3f47f4
-
SHA512
f2e1e109669dd8a7c9967e8308df0a08b59e0c19c4fb41c88e913c32c29fafc883facfc0ca3ca0f9687fdb35c5c1f4cef09218c09af6e093572b462ee085490a
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-