General

Target: 93ed7ebb924f2b3efb476e6d30a3d26ae59c95fa7020c5d60bd7c65b00891377
Size: 536KB
Sample: 220521-aep7asabb9
MD5: c324e6d021b720d2d92c59225b912655
SHA1: 29b0dc93d729ac0dd8d3438b4d68c849a792bb7b
SHA256: 93ed7ebb924f2b3efb476e6d30a3d26ae59c95fa7020c5d60bd7c65b00891377
SHA512: 9a919e184a5eacbfd10f03f5999b505b6677fc6a990fed7359057922ab042deebaaae13e3e5fe5a7173992ba654826d22472945afb18fa596299a755c9707cb7
Static task: static1

Behavioral task: behavioral1
Sample: MV TBN PDA REQUEST_pdf.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: MV TBN PDA REQUEST_pdf.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected] (the mailbox address is masked in this copy of the report)
Password: fingersawumen101
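The extracted config above is the exfiltration channel: SMTP to smtp.yandex.com:587 with a fixed account and password. The following is an added example, not part of this report, of how a network analyst could turn that into a check over reassembled SMTP sessions: it decodes the AUTH LOGIN exchange (the server prompts 334 VXNlcm5hbWU6 / 334 UGFzc3dvcmQ6, the client answers with base64 username and password) and compares the result with the config. The transcripts, the placeholder mailbox placeholder-account@example.com and the names SmtpSession, parse_session and match_config are all constructed for the example. One caveat a practitioner needs: on port 587 the client will normally issue STARTTLS before AUTH, so a passive sensor sees only the host:port pair, and smtp.yandex.com alone is a weak indicator because it is a public mail service; the code reports that case explicitly rather than silently returning nothing.

```python
"""Recover SMTP AUTH LOGIN credentials from reassembled mail sessions and link
them to the AgentTesla exfiltration config extracted above.  Added example,
not part of the report; the transcripts below are constructed, not captured."""
from __future__ import annotations

import base64
from dataclasses import dataclass, field

# From the extracted config on this page.  The username is masked on the page
# ("[email protected]"), so matching uses host, port and password only.
EXTRACTED_CONFIG = {"host": "smtp.yandex.com", "port": 587,
                    "password": "fingersawumen101"}


@dataclass
class SmtpSession:
    dst_host: str
    dst_port: int
    starttls: bool = False
    auth_user: str | None = None
    auth_pass: str | None = None
    notes: list[str] = field(default_factory=list)


def _client_b64(line: str) -> str:
    """Decode the base64 payload of a 'C: ...' line (ValueError otherwise;
    binascii.Error from a bad blob is a ValueError subclass)."""
    side, _, payload = line.partition(": ")
    if side != "C":
        raise ValueError(f"expected client line, got {line!r}")
    return base64.b64decode(payload, validate=True).decode("utf-8", "replace")


def parse_session(dst_host: str, dst_port: int, transcript: str) -> SmtpSession:
    """Walk a 'C: '/'S: ' transcript and pull the AUTH LOGIN username and
    password while they are still in cleartext."""
    s = SmtpSession(dst_host, dst_port)
    lines = [ln.strip() for ln in transcript.splitlines() if ln.strip()]
    i = 0
    while i < len(lines):
        side, _, payload = lines[i].partition(": ")
        cmd = payload.upper()
        if side == "C" and cmd == "STARTTLS":
            # Port 587 normally upgrades to TLS here; a passive sensor then
            # sees only ciphertext, so host:port is all that remains matchable.
            s.starttls = True
            s.notes.append("STARTTLS issued; AUTH not visible on the wire")
            break
        if side == "C" and cmd == "AUTH LOGIN":
            # Server sends 334 VXNlcm5hbWU6 ("Username:") then
            # 334 UGFzc3dvcmQ6 ("Password:"); the client answers in base64.
            try:
                s.auth_user = _client_b64(lines[i + 2])
                s.auth_pass = _client_b64(lines[i + 4])
            except (IndexError, ValueError) as exc:
                s.notes.append(f"malformed AUTH LOGIN: {exc}")
            i += 5
            continue
        i += 1
    return s


def match_config(s: SmtpSession, cfg: dict = EXTRACTED_CONFIG) -> list[str]:
    """Reasons the session is tied to the extracted config, weakest first."""
    hits = []
    if s.dst_host.lower() == cfg["host"] and s.dst_port == cfg["port"]:
        hits.append("destination matches config host:port "
                    "(weak alone: smtp.yandex.com is a public mail service)")
    if s.auth_pass is not None and s.auth_pass == cfg["password"]:
        hits.append("AUTH password equals the extracted config password")
    return hits


# Constructed transcripts.  The mailbox name is a placeholder, not the
# sample's real exfiltration account.
_USER = base64.b64encode(b"placeholder-account@example.com").decode()
_PASS = base64.b64encode(b"fingersawumen101").decode()
CLEARTEXT_EXFIL = f"""
S: 220 smtp.yandex.com ESMTP
C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: {_USER}
S: 334 UGFzc3dvcmQ6
C: {_PASS}
S: 235 2.7.0 Authentication successful
"""
STARTTLS_SESSION = """
S: 220 smtp.yandex.com ESMTP
C: EHLO DESKTOP-VICTIM
S: 250-STARTTLS
C: STARTTLS
S: 220 Go ahead
"""
```

Run parse_session on each reassembled session and then match_config on the result; a password hit is the strong signal, a bare host:port hit only says the traffic went to the same public provider. Where STARTTLS is in play the credential can only be recovered at the endpoint (process-level telemetry) or by a TLS-terminating proxy.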
Targets

The executed target below is a different file from the submitted sample listed under General (different size and hashes).

Target: MV TBN PDA REQUEST_pdf.exe
Size: 757KB
MD5: 0adb8c19202510c5012d95b4ca515618
SHA1: 6fb960b0a5fddb3db605e237b5996afc7414a813
SHA256: 96d028a9dd05d0cbc03a7308fa10d516aca5b5628fef5aecef021181e6c1ce93
SHA512: ca135188c906672cce5958ade0538df6bee92dacbbc58673d1fc904e9a4b777073afca934ab29fb93afd16f4cf93ec6b01f9dacfbd8d2bf7fc4bd4b1e17ae432
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer written in Visual Basic .NET. This sample sends what it collects over SMTP using the mail account in the extracted config above.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles (where stored mail account credentials live)
- Adds Run key to start application (autostart persistence)
- Suspicious use of SetThreadContext (typical of injecting into a suspended process, e.g. process hollowing)
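The signatures above are sandbox labels with no further detail. The following is an added example, not from this report or the sandbox vendor, of the host-side detection logic a responder would write for two of them: a Run-key autostart entry, and an executable named to pass as a document the way MV TBN PDA REQUEST_pdf.exe is. It runs over constructed, simplified Sysmon-style events (Event ID 1 process create, Event ID 13 registry value set); the field names Image, TargetObject and Details follow Sysmon, but the events themselves and the function names classify and triage are made up for the example, and the registry path and autostart target are illustrative rather than what the sample actually wrote. SetThreadContext use is not visible in Sysmon telemetry and is deliberately left out.

```python
"""Detection logic for two behaviours this report attributes to the sample: a
Run-key autostart entry and an executable with a document-style double
extension.  Added example run over constructed Sysmon-style events (Event ID 1
process create, Event ID 13 registry value set); nothing here is taken from
the sandbox run itself."""
from __future__ import annotations

import re
from collections import defaultdict

# HKCU shows up as HKU\<SID>\... in Sysmon TargetObject paths.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\",
    re.IGNORECASE)
# "REQUEST_pdf.exe"-style names that imitate a document.
LURE_NAME_RE = re.compile(
    r"[._ -](pdf|docx?|xlsx?|jpe?g|png)\.exe$", re.IGNORECASE)
# Locations an unprivileged user can write to; autostart entries there
# deserve more attention than Program Files entries.
USER_WRITABLE_RE = re.compile(
    r"^[a-z]:\\(?:users\\[^\\]+\\(?:appdata|downloads)|windows\\temp|"
    r"programdata)\\", re.IGNORECASE)


def is_run_key(target_object: str) -> bool:
    return bool(RUN_KEY_RE.search(target_object))


def is_lure_name(path: str) -> bool:
    return bool(LURE_NAME_RE.search(path.rsplit("\\", 1)[-1]))


def autostart_target(details: str) -> str:
    """Executable path from Run-key value data, which may be quoted and may
    carry arguments."""
    d = details.strip()
    if d.startswith('"'):
        end = d.find('"', 1)
        return d[1:end] if end > 0 else d[1:]
    return d.split(" ", 1)[0]


def classify(event: dict) -> list[str]:
    """Findings for one event."""
    findings = []
    if is_lure_name(event.get("Image", "")):
        findings.append("double-extension lure name")
    if event.get("EventID") == 13 and is_run_key(event.get("TargetObject", "")):
        findings.append("Run key written")
        target = autostart_target(event.get("Details", ""))
        if USER_WRITABLE_RE.search(target):
            findings.append("autostart target in a user-writable directory")
        if is_lure_name(target):
            findings.append("autostart target has a lure name")
    return findings


def triage(events: list[dict]) -> dict[str, list[str]]:
    """Aggregate findings per process image and escalate when a lure-named
    process also installs persistence."""
    per_image: dict[str, set[str]] = defaultdict(set)
    for ev in events:
        per_image[ev.get("Image", "?")].update(classify(ev))
    for fs in per_image.values():
        if {"double-extension lure name", "Run key written"} <= fs:
            fs.add("HIGH: lure-named process installed Run-key persistence")
    return {img: sorted(fs) for img, fs in per_image.items()}


# Constructed events (simplified Sysmon fields), not from the sandbox run.
LURE = r"C:\Users\user\Downloads\MV TBN PDA REQUEST_pdf.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": LURE,
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 13, "Image": LURE, "EventType": "SetValue",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft"
                     r"\Windows\CurrentVersion\Run\MV TBN PDA REQUEST_pdf",
     "Details": r'"C:\Users\user\AppData\Roaming\MV TBN PDA REQUEST_pdf.exe"'},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\Updater\setup.exe",
     "EventType": "SetValue",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
                     r"\VendorUpdater",
     "Details": r"C:\Program Files\Vendor\Updater\updater.exe"},
]
```

triage(SAMPLE_EVENTS) reports the vendor installer only as "Run key written" (a Run key by itself is routine), while the lure-named process collects the autostart, user-writable-path and lure findings and is escalated to HIGH; the escalation is the point, since any single one of these signals on its own is too noisy to page on.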