General
-
Target
073436c3936eb632ed28322b55211b0c36d05b5539343f1afda2eaab06924ebc
-
Size
392KB
-
Sample
220521-bcg9cabfg7
-
MD5
492b00feea62041e70f556f81550eaa3
-
SHA1
36b989dc052d6cd743a61613861b30cd6f2e15b4
-
SHA256
073436c3936eb632ed28322b55211b0c36d05b5539343f1afda2eaab06924ebc
-
SHA512
3f5ca2aace8e92fe1b95e01f51de5fb624bca3237784c69dd0f7715e22e1184104bb32f2f9663f26a7164f8f3bb9e4d905c7e84faafae157f8f0e688b6e8aac7
Static task
static1
Behavioral task
behavioral1
Sample
FEDEX Online Customer Advisory AWB, BL Commercial. Invoice 20207105534231.pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
FEDEX Online Customer Advisory AWB, BL Commercial. Invoice 20207105534231.pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.zarkom.rs
Port: 587
Username: [email protected]
Password: Medicko121
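The extracted SMTP configuration is the most actionable part of this report: it names the exfiltration server, port and account the sample would use. The following is an added example, not part of the sandbox report or of any vendor tooling. It parses the config block exactly as the extraction wrapped it, turns it into indicators (including a Suricata DNS rule with a locally chosen sid, an assumption), and runs a simple match over constructed, simplified SMTP connection records (the field names are this example's own, not a real log schema). The username stays as the report shows it.

```python
import re
from dataclasses import dataclass

# Constructed verbatim from the "Malware Config" block of the report, keeping
# the line wrapping the extraction introduced. The username is shown as
# "[email protected]" in the report and is kept that way here.
REPORT_CONFIG = """Protocol: smtp- Host:
mail.zarkom.rs - Port:
587 - Username:
[email protected] - Password:
Medicko121"""


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_report_config(text: str) -> SmtpExfilConfig:
    """Parse the 'Key: value - Key: value' layout the report uses, tolerating
    line breaks in the middle of a pair (as in the extracted text)."""
    flat = " ".join(text.split())          # collapse the wrapped lines
    fields = {}
    # A value runs until the next " - Key:" separator or the end of the text.
    for m in re.finditer(r"(\w+):\s*(.*?)\s*(?=-\s*\w+:|$)", flat):
        fields[m.group(1).lower()] = m.group(2)
    return SmtpExfilConfig(
        protocol=fields["protocol"],
        host=fields["host"],
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


def config_indicators(cfg: SmtpExfilConfig, sid: int = 9000101) -> dict:
    """Network indicators derived from the config alone. The sid is an
    assumed local-range value; pick one from your own allocation."""
    return {
        "exfil_host": cfg.host,
        "exfil_port": cfg.port,
        "exfil_account": cfg.username,
        "suricata": (
            'alert dns $HOME_NET any -> any any (msg:"AgentTesla SMTP exfil host lookup"; '
            f'dns.query; content:"{cfg.host}"; nocase; endswith; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)'
        ),
    }


# Constructed sample records (simplified, this example's own field names; not
# real traffic). Only the second one talks to the configured server and port.
SAMPLE_SMTP_LOG = [
    {"uid": "C1", "orig_h": "10.0.0.12", "resp_h": "203.0.113.5", "resp_p": 25,
     "server_name": "corp-mail.example.org", "tls": False},
    {"uid": "C2", "orig_h": "10.0.0.23", "resp_h": "198.51.100.7", "resp_p": 587,
     "server_name": "mail.zarkom.rs", "tls": True},
    {"uid": "C3", "orig_h": "10.0.0.23", "resp_h": "198.51.100.7", "resp_p": 443,
     "server_name": "mail.zarkom.rs", "tls": True},
]


def find_exfil_sessions(records, cfg: SmtpExfilConfig, resolved_ips=()):
    """Return uids of records that reach the configured exfil server on the
    configured port, matched by server name or by an IP the analyst has
    resolved the host to (DNS answers change, so pass those explicitly)."""
    resolved = set(resolved_ips)
    hits = []
    for r in records:
        to_host = r.get("server_name") == cfg.host or r.get("resp_h") in resolved
        if to_host and r.get("resp_p") == cfg.port:
            hits.append(r["uid"])
    return hits


if __name__ == "__main__":
    cfg = parse_report_config(REPORT_CONFIG)
    print(cfg)
    print(config_indicators(cfg)["suricata"])
    print("exfil sessions:", find_exfil_sessions(SAMPLE_SMTP_LOG, cfg))
```

Matching on the server name and port is deliberate: AgentTesla's SMTP channel is ordinary authenticated submission on 587, so the same rule set should also flag any workstation that opens port 587 to a host that is not your own mail relay, regardless of destination.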
Targets
-
-
Target
FEDEX Online Customer Advisory AWB, BL Commercial. Invoice 20207105534231.pdf.exe
-
Size
434KB
-
MD5
28cfa40c77b39ff4dd7b57680d91afff
-
SHA1
05c1d4cd3d8238e0f485ba36855d8e57ce44227b
-
SHA256
d4ca1a42f5c889f5b6e12a5f4059ff6bc22c6ea99f830d561baf9d6de3b42eea
-
SHA512
219d8b9104a8a6135b2244c7e0c23c454fe71b0d4b5bfc2f652dbd16118d67c4ff9e3aa51eadb3e6e614d64bde16c6856bd9a3a2707832bc99cc7efa0158175e
-
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT); samples are typically compiled from Visual Basic .NET or C#. The configuration above is its SMTP exfiltration channel: harvested data is mailed out through mail.zarkom.rs on port 587 using the listed account.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles (reads the Outlook profile registry keys, where stored mail credentials are harvested from)
-
Suspicious use of SetThreadContext (rewriting another process's thread context, the usual final step of process hollowing / RunPE-style injection of the payload into a suspended host process)
-