General
Target: b32fe40c7ff3300b0c47e0bc6552aa9996ead1c92918cf52591584b7d56322f7
Size: 565KB
Sample: 220521-b1g89acgf2
MD5: 243a583da7b4d74d4d1819a2a1dd57a8
SHA1: 53ad96a00c40249922b60154ad211d8a6d1af06c
SHA256: b32fe40c7ff3300b0c47e0bc6552aa9996ead1c92918cf52591584b7d56322f7
SHA512: 368d90d0a1ec720caa1de05055ceab943a627b249befb07c43871b7ec6bb19a56875a377bfbbddf13015ea25982b79271f06079d4ffb096600c0bc95e7dabfd9
Static task: static1
Behavioral task: behavioral1
Sample: Doc 34567865 May 2020 PO,pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Doc 34567865 May 2020 PO,pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted (agenttesla)
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: mmm777
Extracted
Identical to the configuration above (Protocol: smtp, Host: mail.privateemail.com, Port: 587, Username: [email protected], Password: mmm777).
The stealer sends harvested data as e-mail over the SMTP submission port (587) using a mailbox at a commercial mail provider. The mailbox credentials are the strongest indicators here: the hostname is shared with that provider's legitimate customers, so a host-only block is noisy, and detection is better keyed on which process opens the SMTP session.
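The following is an added example, not code from the sandbox report: it parses the extracted configuration exactly as it is printed above into structured indicators and then runs the process-aware check described in the note over a few constructed connection-telemetry rows. The list of sanctioned mail clients, the connection rows and the field names are assumptions for the example; the masked username is kept as the page shows it.

```python
# Added example (not part of the sandbox report): turn the extracted SMTP
# exfiltration config into structured IOCs and hunt for matching connections.
import re
from dataclasses import dataclass

# Config text copied as it appears on the report page.  The username is
# already masked on the page itself, so the parser keeps it as-is.
REPORT_CONFIG = """Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
mmm777"""


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(text: str) -> SmtpExfilConfig:
    """Parse the line-broken 'Key: value - Key: value' layout of the report."""
    flat = " ".join(line.strip() for line in text.splitlines())
    fields = {}
    # Each key is introduced by ' - ' (or a '-' glued to the previous value);
    # the lookahead keeps a '-' inside a value from acting as a separator.
    for part in re.split(r"\s*-\s+(?=[A-Z][a-z]+:)", flat):
        key, _, value = part.partition(":")
        fields[key.strip().lower()] = value.strip()
    return SmtpExfilConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


# Assumption: the environment's sanctioned mail clients.  Anything else
# opening an SMTP submission session to the C2 mailbox host is alert-worthy.
ALLOWED_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed endpoint connection telemetry, not taken from the report.
SAMPLE_CONNECTIONS = [
    {"process": "OUTLOOK.EXE", "dst_host": "mail.privateemail.com", "dst_port": 587},
    {"process": "Doc 34567865 May 2020 PO,pdf.exe", "dst_host": "mail.privateemail.com", "dst_port": 587},
    {"process": "chrome.exe", "dst_host": "www.example.com", "dst_port": 443},
]


def find_exfil_candidates(cfg, connections):
    """Connections to the extracted host:port from a non-mail-client process.

    The host is a shared commercial mail provider, so the hostname alone is a
    weak indicator; the originating process is what makes a hit actionable.
    """
    return [
        c for c in connections
        if c["dst_host"].lower() == cfg.host
        and c["dst_port"] == cfg.port
        and c["process"].lower() not in ALLOWED_MAIL_CLIENTS
    ]


def to_iocs(cfg):
    """Flat indicator set suitable for a blocklist or a hunt query."""
    return {
        "c2_host": cfg.host,
        "c2_port": cfg.port,
        "exfil_protocol": cfg.protocol,
        "exfil_account": cfg.username,
        "exfil_password": cfg.password,
    }


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    print(to_iocs(cfg))
    for hit in find_exfil_candidates(cfg, SAMPLE_CONNECTIONS):
        print("suspicious SMTP submission:", hit)
```

Only the sample's own process is reported; the Outlook session to the same host on the same port is the legitimate traffic a host-only rule would have swept up.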
Targets
Target: Doc 34567865 May 2020 PO,pdf.exe
Size: 745KB
MD5: 4fdc528b65f2cbda31cf67140516b1fc
SHA1: a82de7a5fb33eca2a01278d24536a8a991fe9d63
SHA256: 3eedb54568b3efda260acff647cf04b1680cfee350f184a0bc6bc4b0801862cc
SHA512: b2ca325ff3ecc5a7d76b11fdb1b71dcbc6f057a432250b7d8538b7b16d182b531d0f32cd870bd1cd315cd4cf2fb4b94d7488477d659ad5268fc193f9dceb77a2
The hashes and size differ from the submitted sample above, so this executable is a file carried inside the submission. Its name puts a fake ".pdf" (with a comma in place of the dot) before the real ".exe" so that it reads as a purchase-order PDF when extensions are hidden.
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and credential stealer, originally written in Visual Basic.
Signatures:
- AgentTesla Payload
- Accesses Microsoft Outlook profiles: the stealer reads the Outlook profile keys (HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles and, for older versions, HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles) to harvest stored mail account credentials, which it then sends out through the SMTP configuration extracted above.
- Suspicious use of SetThreadContext: calling SetThreadContext on the primary thread of a child it created suspended is the process-hollowing (RunPE) step, used to point the child at an injected payload before resuming it. The API on its own is also used by debuggers, so triage it together with CreateProcess(CREATE_SUSPENDED), WriteProcessMemory and ResumeThread from the same parent.
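The sequence behind the SetThreadContext signature, as an added example that is not part of the report: a small detector that walks a constructed API trace and fires only when one parent creates a child suspended, writes into it, replaces its primary thread context and resumes it, so a lone SetThreadContext (as a debugger would issue) does not alert. Handles are modelled as the target pid/tid for readability, and the trace rows are constructed; both are assumptions.

```python
# Added example (not from the sandbox report): flag the process-hollowing
# sequence behind the "Suspicious use of SetThreadContext" signature in a
# constructed API trace.  Handles are modelled as the target pid / tid
# (an assumption for readability; a real trace resolves handles first).
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit

# Constructed trace rows: (caller pid, api, arguments).  Not from the report.
SAMPLE_TRACE = [
    (1000, "CreateProcessW", {"dwCreationFlags": CREATE_SUSPENDED,
                              "dwProcessId": 2000, "dwThreadId": 2001}),
    (1000, "NtUnmapViewOfSection", {"ProcessHandle": 2000}),
    (1000, "WriteProcessMemory", {"hProcess": 2000}),
    (1000, "SetThreadContext", {"hThread": 2001}),
    (1000, "ResumeThread", {"hThread": 2001}),
    # A lone SetThreadContext, as a debugger adjusting an attached tracee
    # would issue: no suspended child and no memory write, so not hollowing.
    (3000, "SetThreadContext", {"hThread": 4001}),
    # A launcher that creates a child suspended and resumes it untouched.
    (5000, "CreateProcessW", {"dwCreationFlags": CREATE_SUSPENDED,
                              "dwProcessId": 6000, "dwThreadId": 6001}),
    (5000, "ResumeThread", {"hThread": 6001}),
]

REQUIRED_STEPS = {"WriteProcessMemory", "SetThreadContext", "ResumeThread"}


def detect_hollowing(trace):
    """Return (parent, child) pairs where the parent created the child
    suspended, wrote into it, replaced its primary thread's context and
    then resumed it.  SetThreadContext on its own never fires."""
    suspended = {}             # child pid -> (parent pid, primary tid)
    steps = defaultdict(set)   # child pid -> steps observed from its parent
    findings = []
    for pid, api, args in trace:
        if api == "CreateProcessW" and args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            suspended[args["dwProcessId"]] = (pid, args["dwThreadId"])
        elif api == "WriteProcessMemory":
            child = args["hProcess"]
            if child in suspended and suspended[child][0] == pid:
                steps[child].add(api)
        elif api in ("SetThreadContext", "ResumeThread"):
            for child, (parent, tid) in suspended.items():
                if parent == pid and args.get("hThread") == tid:
                    steps[child].add(api)
                    # Evaluate at resume time: all earlier steps must be present.
                    if api == "ResumeThread" and steps[child] >= REQUIRED_STEPS:
                        findings.append((parent, child))
    return findings


if __name__ == "__main__":
    for parent, child in detect_hollowing(SAMPLE_TRACE):
        print(f"process hollowing: pid {parent} hollowed child pid {child}")
```

The check is evaluated when the thread is resumed, which is the point at which the replaced context actually starts executing; the debugger row and the plain suspended-launch row both pass through without a finding.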