General
Target: 80171e582c0f387804f7a05a41bc80bce2739ccc82a8945b21b24ba66c1b821b
Size: 477KB
Sample: 220521-ajtehsach9
MD5: d19f8baaffe99d264dbd0a99caf322ac
SHA1: 8a4fedbd0c29df8e3ccd004b761deddbafdacae9
SHA256: 80171e582c0f387804f7a05a41bc80bce2739ccc82a8945b21b24ba66c1b821b
SHA512: 7d36146ea77473c921992b46ddff484aecbd5d0b1d7d17b1b1db6773f8f4213aeeda878db78be3e5a30c3d4b0aa5019927cfba0ff621cb8cdff1858beb5dcf34
Static task: static1
Behavioral task: behavioral1
Sample: scan009567443_pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: scan009567443_pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: smtp.moorefundz.com
- Port: 587
- Username: [email protected]
- Password: g7g2Ig?Aeh_+
Targets
Target: scan009567443_pdf.exe
Size: 732KB
MD5: c13e2f086b165bbc7a0faabfc14c9684
SHA1: e18adf1bcc29a654dbaaf9a12cf67756c2fd23fd
SHA256: fa2e9aca8e9942fbbad7006322243788563664b0b19ea83262959a5fec2f8b4c
SHA512: f1e0193309d76a52a043f06b853a225d4e94621282a2bea23098ed135b8df933ebc4ff98f3a53af91cda85cb837671a50ea097de18b52a9c599aa384a3b777bb
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext