General
Target: 7e630f2d7311839cc0c9b070c9fc5d75f40bec02822df99bb334bb4948ea8c01
Size: 357KB
Sample: 220521-b2vwqsfhhm
MD5: bf6711fcddeef85e08b1a115ae93bcfb
SHA1: 203553e8888536877fdbed71ccb895f873d442d8
SHA256: 7e630f2d7311839cc0c9b070c9fc5d75f40bec02822df99bb334bb4948ea8c01
SHA512: 4c3a8f4e03b8ac534d9f0435c207119f4d075973b1129e6549738a38868710be0ed228dca761936582640be5eb3331f00057700d15d6d1513c240d61bf439ec6
Static task: static1
Behavioral task: behavioral1
Sample: Electronic TT Swift Maksajuma dokuments ar atru apstiprinajumu 9029938829 doc PDF.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Electronic TT Swift Maksajuma dokuments ar atru apstiprinajumu 9029938829 doc PDF.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.martasmebeles.lv/
Port: 21
Username: [email protected]
Password: G$?eK%*r70t~
Targets
Target: Electronic TT Swift Maksajuma dokuments ar atru apstiprinajumu 9029938829 doc PDF.exe
Size: 403KB
MD5: d29da00b52dbed49aa1c3048be013aa8
SHA1: ea80dc07e833f7952d47705d239c99781ab7f0c3
SHA256: ff2c551213e1242069528d7ba1e6da50a36ab0f1c0ef0d972d341e08a736d8e4
SHA512: d1a621da52fa59b174606fa66ae5385b4c553e6610a134284c7f3fc48b890f9cb1e2f5d5c3ce3db55d2b2a2f42ffe2244a57535b6b08f9903797b316d0969433
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext