General
Target: 5b7b84c6ea994a0430b361242c0ee4b0f2f683dc499538f65b0c5a62968295a5
Size: 472KB
Sample: 220521-asac1adfem
MD5: 022faac8164085b101e790e37ccc2cae
SHA1: 717b82e00be9fd910fc29236fd2236c6672188d2
SHA256: 5b7b84c6ea994a0430b361242c0ee4b0f2f683dc499538f65b0c5a62968295a5
SHA512: 77278a5c60213418a2911dae95e106f01a513469d5a8f28ad90a786e7598cf28287d8558dbd8f28beaca5ba03e3925b18d74551efcf6ee50d69e91ff406bd8f4
Static task: static1

Behavioral task: behavioral1
Sample: Factura_PDF.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Factura_PDF.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.lasauceda.com
Port: 587
Username: [email protected]
Password: sauceda2018Mx

Extracted: agenttesla
Protocol: smtp
Host: mail.lasauceda.com
Port: 587
Username: [email protected]
Password: sauceda2018Mx
Targets

Target: Factura_PDF.exe
Size: 584KB
MD5: e26e602e61a75c0e38fdf5bff1b109d0
SHA1: 527c107ae874c9ca34396b30e1f0cbd263e4a20d
SHA256: 238bdecceff568c7d9d8e80e466cb9ba2df600bd47e24e4c69b75cbe7104bf18
SHA512: 37b3ffb19ad971d218e5b6a0cc9d58bb2c12dbdb94e5dbca956e086b92764aac6a46118c2cc7edc623f6b3cd8b51d8edd31a5a0cd26c3d799fdd24847e81b57f

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext