General
Target: bbee8cfb92eb86007b07151e015714c58ae670b9c68c90421f5407d4b285fca9
Size: 528KB
Sample: 220520-3xbqvacedl
MD5: 1c83b2b510768d02d095326529aa22bd
SHA1: d0edb8f97fdbb3708b28ee93522a0f5042329af3
SHA256: bbee8cfb92eb86007b07151e015714c58ae670b9c68c90421f5407d4b285fca9
SHA512: df72981cdf6e151a40a194ec1dfc94239d4431374544d85d1418f354c6309a8837aba3cdbc68a0efe0c43bfcfaa4c78b4f7d25537e98923ed9e50cc87bf23908

Static task: static1

Behavioral task: behavioral1
Sample: #300002311PDF.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: #300002311PDF.exe
Resource: win10v2004-20220414-en

Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: IZmBVEm3
Targets
Target: #300002311PDF.exe
Size: 678KB
MD5: 9176a5355a0960cf320fcd1a8d434a28
SHA1: cbc04a4f98504f96d99dc25a61ab519efabff736
SHA256: 068e2be03e22687430eff635ad02df7c819f320888095cf4879802cfdbd83353
SHA512: 5b3603940e75e7de210a788c24cf802a2e8b1479a288c78c617eb36786ee3c125ad3b7ef3a8f7f14111ff32a972b2959d44a6eb5aeaf39f030e2b0b94f19a2ef

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext