General
-
Target
967413f8a71a9d9e8430c41e655f6e8dffb2c73c4298597c658fe67a13a83b5f
-
Size
470KB
-
Sample
220521-ad4cjaaba3
-
MD5
19bd246cb42c8aa52338fac6936c76f5
-
SHA1
dadc29b900436a1eeaf4bff0fc4440088d3aece2
-
SHA256
967413f8a71a9d9e8430c41e655f6e8dffb2c73c4298597c658fe67a13a83b5f
-
SHA512
474d8d47cdc118e92ba51d9c5957c4dae0f59ded0ac369e0da9a127d21aa171390c3f9ab560759285844dca319b2123199a13f46d1fdad3b68db2bdc40e0a9f9
Static task
static1
Behavioral task
behavioral1
Sample
RFQ REF R2100131410.pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
RFQ REF R2100131410.pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
sOeKk#E6
Targets
-
-
Target
RFQ REF R2100131410.pdf.exe
-
Size
589KB
-
MD5
7135204b519212aa7a5dba15c23ae113
-
SHA1
ce5d702505bf3b3ad01452a124bb906122b40b31
-
SHA256
a540201f44f378a2bcade1e6190cd5784ae7cc0bc0f1138436afeb7b10ef7050
-
SHA512
308d936d09967f0558d315d1ca7ed08da10de5b3a4710c46db491734d493b1b2143e07d1f1f0b2729f0d7fb1846c9d9b55ad2e00af67b982ae36cec1b5d550e2
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-