General
-
Target
63266864b6f52bd7608d42442740359c7aa330bbb1c4774ecaa577dc9b6db76d
-
Size
459KB
-
Sample
220521-aqlm9adeer
-
MD5
6939beb3bec1c78714d9cf88e0fb7b00
-
SHA1
fe8e0e99ec1a19930357d8e08c00f0420d47f768
-
SHA256
63266864b6f52bd7608d42442740359c7aa330bbb1c4774ecaa577dc9b6db76d
-
SHA512
e9fc18d441e5e9fd8f6554c4ebd231c2a78d99e24853e07b934f1d3f370eb7b24de910708f6cff9a09776c3a2dae6bc0687d6ec4fab228716354c6f64dcd9584
Static task
static1
Behavioral task
behavioral1
Sample
Order Confirmations_PRQ00002725..pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Order Confirmations_PRQ00002725..pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: amazinggrace12345
Targets
-
Target
Order Confirmations_PRQ00002725..pdf.exe
-
Size
714KB
-
MD5
b77c67e726d23e9c98bca5fae1e39a35
-
SHA1
2eba0b79fd622fe0ac7fc16cd2eb08d4504bce26
-
SHA256
210659513be90bb7cf37f17a59eec35457d4af1d0fe937deacfb3901a4ffb9ea
-
SHA512
573c8631ac3b507f0e884d74075025875503df9c108210f4399cacc5e04a1e5c222372d250f6ed61d394ef7eae10670e88381ccd4f308a8b53d6753ac98cef5e
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles