General
Target: 6cc1c68eb132a4fe14a971f09c31b346ffba640815a9431ad905b13b509166a7
Size: 222KB
Sample: 220521-anmgrsaec9
MD5: 0335694b8fd3ec69e882fca4b0cf75af
SHA1: a8368a4c1c3fe02845f973cfe2473d3f0aa22c2f
SHA256: 6cc1c68eb132a4fe14a971f09c31b346ffba640815a9431ad905b13b509166a7
SHA512: 32478b4b33f78d1a5d00de4943fb7bc858d1d87c05ffc9bbbb96d4bfac8b8701fe0d1b09aaaa34fc689ea05ccf267fd12bc8c65a4e2d9ae69d1fea3f4fd910e9
Static task: static1
Behavioral task: behavioral1
  Sample: Consignment Details_pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Consignment Details_pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.flood-protection.org
  Port: 587
  Username: [email protected]
  Password: cjboss2424@
Targets
Target: Consignment Details_pdf.exe
Size: 632KB
MD5: 73daf3aeb8744eb8ff3f16b41466e02c
SHA1: cc1e13d19617f0d1bf2838ed930fe1a4d5fc19b9
SHA256: ec5ddee4daf077b22c49a35f10c16a4c2f191e3a125ce1b3f26b01fe7ad619cf
SHA512: 11542663e06f791ebb93db0f03d543c03a17a2811a2b097ed977b21aaac100ea801b4535656cad03795d034137291a6d37539466f3d281a123516522fa2cbcee

Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext