General
Target: 7496b647484b4559a75f16fa11ae0b55c76de7bb20620125e33d957140ed0252
Size: 399KB
Sample: 220521-al8bfsadg8
MD5: 8585d8366763624ca2c229c0407103ea
SHA1: 90ce9ca3b908196f39fb35cf04dadd83af4c6caf
SHA256: 7496b647484b4559a75f16fa11ae0b55c76de7bb20620125e33d957140ed0252
SHA512: 5c94b2ba53920e4dc55067554b2af088c92e1d0eb5ed7f66fabe6936eb8a59fbb7e25d16f25cb071647f5f75b264da5691ecf2865e1e37c0888a951f29280a97
Static task: static1
Behavioral task: behavioral1
Sample: Purchase order - OUR PO NO. 26107 - 26118.pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Purchase order - OUR PO NO. 26107 - 26118.pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: Loverboy123
Targets
Target: Purchase order - OUR PO NO. 26107 - 26118.pdf.exe
Size: 440KB
MD5: bfa073104e78d07bc7ea4cc3e7628d66
SHA1: b5709bdf5f9256a1decb59856431ce03ecc9a786
SHA256: 5145299a7e9cafe3a9bd0a61ac828370dd4810edd14d37f74d7f06efa58fde35
SHA512: f1fb4643c8ca31413667c696f5ccd38e678c58a8b95bea8b6158e32b090def419f3ad9cface85d2d6176924a14ff50076b6fcf49ad68469f9e089a008feb9b50
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext