General
Target: 59cb7e6648d619ee4714e52d2b027d4249b115eacab21cea287f87d08a3aeea0
Size: 482KB
Sample: 220521-ashdlsdffm
MD5: 703d02578bf5ec6c26fabb949f1e4970
SHA1: df060cb6f229f83329a8aac47e23a95036f838c1
SHA256: 59cb7e6648d619ee4714e52d2b027d4249b115eacab21cea287f87d08a3aeea0
SHA512: 65fb106d293821b767f9723e92faf20bd0a2fb3813555ebf94d141d8acc168b179375b89294ed9a20a7b9f643390a867b3e69f09f68c30e5c22b200908250d48
Static task: static1
Behavioral task: behavioral1
Sample: PO copy.pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PO copy.pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: chibuikelightwork1
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: chibuikelightwork1
Targets
Target: PO copy.pdf.exe
Size: 600KB
MD5: 3fe5438b138021910261a11d1ade22f2
SHA1: d24100a23ab25530b24196718eccb0b17b80cc0a
SHA256: 86eb9ef9abcbd21df6bed4743efd0c879ba62127b73a0dc5194e0ee758038628
SHA512: d31311738b33b6197795c889cc07793f02f0b501ec622c4948b7c9432fc14c41ff712bd7d81942ceca3f153e1184314cc3f8490eb9e37552af33781a522a9ff1
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext