General
Target: 63d17dc1a1bb8077d152dc6d964d26e9916bd0322312b9a4ba639c262ae4d32b
Size: 462KB
Sample: 220521-aqdbwadeej
MD5: 1f7d2338a3f1801eec565f7adf13a7d3
SHA1: 706a2b28db980b34d6ed70bf644371c0322ea63d
SHA256: 63d17dc1a1bb8077d152dc6d964d26e9916bd0322312b9a4ba639c262ae4d32b
SHA512: 2d2ae7242587ccc227c3dedc51a61413c596a2d576d3c0fefe22ebc8cfab05bf05419dceb87cd512df31fac14c57a4e3b265ca3c986f99bed8c6568788eb0b3e
Static task: static1
Behavioral task: behavioral1
Sample: NEW PURCHASE ORDER.pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: NEW PURCHASE ORDER.pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.asianhandicraftsexports.com
Port: 587
Username: [email protected]
Password: @@##$$123456
Targets
Target: NEW PURCHASE ORDER.pdf.exe
Size: 678KB
MD5: 8b95b098f130f7e9949a8aa8a6fd6411
SHA1: 44146452e69cf94acc5bc6f50b05dda94addd46d
SHA256: f7cc49578ee37fdedcfb8c54148c0357c7d480bf909d9ffcc6c9a6abcb193310
SHA512: e80656f1ab1a7fbe1fe3272f033171c2e29d57ea9ba8e7fdea78b010ef359dfb72e276868e26806a072ce5f3a8154ceff65ac951382622f1c0e3e1ef48608ab2
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext