General

Target: 704c9d765e672bed80e1f569c90ac252672e596514cf121c25527b2a246058ae
Size: 449KB
Sample: 220521-amt58addej
MD5: c6b4ae07bc64e7fa6d69cd4a1ae7ac9b
SHA1: d35385d3654bf56a3f74420f42b4a8f998167544
SHA256: 704c9d765e672bed80e1f569c90ac252672e596514cf121c25527b2a246058ae
SHA512: 039905ba3fdc22be77fe8c102604014c41cf7913aa779a1db2edbb64d66e10dcf384e49e5982bc3b68d2130cee48b6296d0f88f47f4ed912483ba5ae20bb7d85
Static task: static1

Behavioral task: behavioral1
Sample: TDS 027654404_pdf.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: TDS 027654404_pdf.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.moorefundz.com
Port: 587
Username: [email protected]
Password: g7g2Ig?Aeh_+

These are the operator's mail-account credentials hard-coded in the binary: in SMTP mode Agent Tesla sends the harvested data as e-mail through this server on the mail-submission port, which is why the sandbox can recover them statically.
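The extracted configuration above is the most directly actionable part of this report, but sandbox pages tend to flatten it into a single run of "Key: value - Key: value" text. The following is an added example, not part of the sandbox report or of any Triage tooling: it parses that flattened block into validated fields and then sweeps a connection log for traffic to the extracted exfil host. The log format (`dst=` / `dpt=` fields) and the log lines themselves are constructed for the example; the config string is the report's own text, including the page's redacted username.

```python
import re
from dataclasses import dataclass

# Flattened "Extracted" block copied from the report above; the username is
# shown exactly as the page redacts it ("[email protected]").
EXTRACTED_CONFIG = """Protocol: smtp- Host:
smtp.moorefundz.com - Port:
587 - Username:
[email protected] - Password:
g7g2Ig?Aeh_+"""

# Constructed connection log (not from the sandbox run). Only the dst= and
# dpt= fields are parsed, so the space in the image path is harmless.
SAMPLE_NETWORK_LOG = """\
2022-05-21 10:01:03 image=C:\\Users\\user\\Desktop\\TDS 027654404_pdf.exe dst=smtp.moorefundz.com dpt=587 proto=tcp
2022-05-21 10:01:05 image=C:\\Windows\\explorer.exe dst=www.msftconnecttest.com dpt=80 proto=tcp
2022-05-21 10:01:09 image=C:\\Users\\user\\Desktop\\TDS 027654404_pdf.exe dst=SMTP.moorefundz.com dpt=25 proto=tcp
"""

CONFIG_KEYS = ("Protocol", "Host", "Port", "Username", "Password")
_KEY_RE = re.compile(r"\b(" + "|".join(CONFIG_KEYS) + r"):")
_SEP_RE = re.compile(r"\s*-\s*$")


def parse_flat_config(text: str) -> dict:
    """Split a config whose 'Key: value' pairs were run together with ' - '
    separators and arbitrary line breaks into a dict keyed by lower-case name.
    Values are taken between consecutive key tokens, so a password that itself
    contained e.g. 'Host:' would be truncated (known limitation)."""
    flat = " ".join(text.split())  # collapse newlines and repeated spaces
    keys = list(_KEY_RE.finditer(flat))
    fields = {}
    for i, m in enumerate(keys):
        last = i + 1 == len(keys)
        end = len(flat) if last else keys[i + 1].start()
        value = flat[m.end():end].strip()
        if not last:
            value = _SEP_RE.sub("", value)  # drop the ' -' that preceded the next key
        fields[m.group(1).lower()] = value
    return fields


@dataclass(frozen=True)
class ExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def to_exfil_config(fields: dict) -> ExfilConfig:
    """Validate parsed fields before they are used as network IOCs."""
    for k in ("protocol", "host", "port"):
        if k not in fields:
            raise ValueError(f"config missing {k!r}")
    proto = fields["protocol"].lower()
    if proto not in {"smtp", "ftp", "http", "telegram"}:
        raise ValueError(f"unexpected exfil protocol {proto!r}")
    port = int(fields["port"])
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return ExfilConfig(proto, fields["host"].lower(), port,
                       fields.get("username", ""), fields.get("password", ""))


_DST_RE = re.compile(r"\bdst=(\S+)")
_DPT_RE = re.compile(r"\bdpt=(\d+)")


def flag_exfil_connections(log: str, cfg: ExfilConfig) -> list:
    """Return (line_no, reason) for every log line whose destination is the
    extracted exfil host. A host match on a different port is still reported:
    operators change ports far more often than they change mail servers."""
    hits = []
    for n, line in enumerate(log.splitlines(), start=1):
        dst = _DST_RE.search(line)
        if not dst or dst.group(1).lower() != cfg.host:
            continue
        dpt = _DPT_RE.search(line)
        port_ok = dpt is not None and int(dpt.group(1)) == cfg.port
        hits.append((n, "host+port" if port_ok else "host-only"))
    return hits


if __name__ == "__main__":
    cfg = to_exfil_config(parse_flat_config(EXTRACTED_CONFIG))
    print(cfg)
    for n, reason in flag_exfil_connections(SAMPLE_NETWORK_LOG, cfg):
        print(f"line {n}: {reason}")
```

Matching on the host name rather than only on host:port is deliberate: the same mail server reached on port 25 from the same image (third constructed line) is still worth an alert, while unrelated traffic such as the connectivity check on the second line is ignored.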
Targets

Target: TDS 027654404_pdf.exe
Size: 565KB
MD5: a3d7a51555ed01cb495acce9f4a613c9
SHA1: 8d566ea5fb0c3f257cfc8db7ae49200c1905b42c
SHA256: 90668f8cc6f2af3378b032957f3941e7100560a57529df859e13f92eb91a561c
SHA512: 2ae6bb08c66fe1014bb6590c58fd9e7c7bb97acb5e5880d170f0295c880922797b1ba20bf046c152eb20e51378f624ff9f3ad6f21c1820f26d309006f9448f6a
AgentTesla

Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic .NET; it harvests saved credentials from browsers and mail clients and exfiltrates them over SMTP, FTP or HTTP.

AgentTesla Payload
Accesses Microsoft Outlook profiles (the Outlook profile registry keys hold mail-account settings and saved credentials; reading them is consistent with credential harvesting)
Suspicious use of SetThreadContext (rewriting another thread's context is the usual way injected or hollowed code is handed control)