General
Target: b362b04b04ba2eb1d6666833ce0202d6a5e67039df6168abb5481136d89d858c
Size: 440KB
Sample: 220521-bj9l6sfacn
MD5: 55a77f633170600a8e5a7bb40438c53e
SHA1: a2f59b9d2de69bd7f0caf155c0f77d164eccc47a
SHA256: b362b04b04ba2eb1d6666833ce0202d6a5e67039df6168abb5481136d89d858c
SHA512: f17192abdbe159b4e211f04b52c34e849b35f9a1aab18af87d8584993604980340962a3e4abf956aff3aafa805f385b7776dd7e57441064b5c2347b0749be90d
Static task: static1
Behavioral task: behavioral1
  Sample: ADVICE OF DEBIT - BANK CONFIDENTIAL-pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: ADVICE OF DEBIT - BANK CONFIDENTIAL-pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.aravaliauto.com
Port: 587
Username: [email protected]
Password: aravali66
These are the mail-submission (SMTP, port 587) credentials the sample logs in with to send harvested data; the host, port and account are the network indicators to hunt for, and the mailbox owner should be notified so the account can be closed.
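The block below is an added example and is not part of the sandbox report. It parses the extracted config in the flattened "Key: value - Key: value" form the report prints it in, reduces it to shareable indicators (deliberately dropping the password), and runs those indicators over a few constructed connection-log lines. The config text is a constructed copy of the report's values (the username is kept exactly as the page prints it); the log format (timestamp, source IP, destination host, port, protocol) and the log lines themselves are assumptions for the example and are not from the sandbox run.

```python
"""Turn a sandbox-extracted AgentTesla SMTP config into indicators and
match them against connection logs.

Added example, not part of the sandbox report.  CONFIG_TEXT is a
constructed copy of the report's "Malware Config / Extracted" block in
the flattened form the page prints it; SAMPLE_LOGS is constructed too.
"""
import re

# Constructed copy of the report's extracted config.  The flattened layout
# is kept on purpose so the parser has to cope with it; the username is
# left exactly as the page prints it.
CONFIG_TEXT = """Protocol: smtp- Host:
mail.aravaliauto.com - Port:
587 - Username:
[email protected] - Password:
aravali66"""

FIELDS = ("Protocol", "Host", "Port", "Username", "Password")

# Constructed connection-log lines (assumed format):
#   ts src_ip dst_host dst_port proto
SAMPLE_LOGS = [
    "2022-05-21T09:14:02Z 10.0.0.15 mail.aravaliauto.com 587 tcp",
    "2022-05-21T09:14:05Z 10.0.0.15 outlook.office365.com 443 tcp",
    "2022-05-21T09:15:11Z 10.0.0.22 smtp.example.org 587 tcp",
]

MAIL_PORTS = {25, 465, 587}


def parse_config(text: str) -> dict:
    """Split a 'Key: value - Key: value' dump into a dict.

    The sandbox joins fields with ' - ' and wraps them at arbitrary
    points, so the lines are first joined and each value is then cut at
    the next known key (or end of string), with the separator dash
    stripped.  Raises ValueError if any expected field is absent."""
    flat = " ".join(line.strip() for line in text.splitlines())
    keys = "|".join(re.escape(f) for f in FIELDS)
    field_re = re.compile(rf"({keys}):\s*(.*?)\s*-?\s*(?=(?:{keys}):|$)")
    cfg = {key: value for key, value in field_re.findall(flat)}
    missing = [f for f in FIELDS if f not in cfg]
    if missing:
        raise ValueError(f"config missing fields: {missing}")
    return cfg


def to_iocs(cfg: dict) -> dict:
    """Reduce the config to shareable network indicators.

    The password is deliberately dropped: it is needed for notifying the
    mailbox owner, not for detection, and should not travel in IOC feeds."""
    return {
        "protocol": cfg["Protocol"].lower(),
        "c2_host": cfg["Host"].lower(),
        "c2_port": int(cfg["Port"]),
        "exfil_account": cfg["Username"],
    }


def match_logs(lines, iocs: dict) -> list:
    """Flag outbound connections against the extracted indicators.

    An exact host:port match is a high-confidence hit.  Any other traffic
    to a mail-submission port is returned for review, because other builds
    of the same stealer log into different mailboxes and the host seen in
    one sandbox run is not the only one in circulation."""
    hits = []
    for line in lines:
        ts, src, dst, port, _proto = line.split()
        port = int(port)
        if dst.lower() == iocs["c2_host"] and port == iocs["c2_port"]:
            hits.append((ts, src, dst, port, "high"))
        elif port in MAIL_PORTS:
            hits.append((ts, src, dst, port, "review"))
    return hits


if __name__ == "__main__":
    iocs = to_iocs(parse_config(CONFIG_TEXT))
    print("indicators:", iocs)
    for hit in match_logs(SAMPLE_LOGS, iocs):
        print("%s  %s -> %s:%d  [%s]" % hit)
```

In a real deployment the "review" tier is where the value is: workstations normally submit mail through the corporate relay or a known SaaS endpoint, so direct SMTP submission to anything else is worth a look even when the host does not match this sample's config.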
Targets
Target: ADVICE OF DEBIT - BANK CONFIDENTIAL-pdf.exe
Size: 451KB
MD5: 885f431f067ac0c3d53b71cdde50400c
SHA1: e414998afe9b6a135baae00c271c38f8b172428d
SHA256: 4ab8fa3312a1bb877d9a7a363c8a36c0bf6e82c36458031ca46befa94b0e663d
SHA512: a38d325fe15e12e923b232dd1eb368639517323106bbf7e167681d7248c6b86acac5eba0c8cf62845c7533140d48a3abeb75b1a89422b0cb8501e150fd4e6841
Note that these hashes differ from the submitted object listed under General (440KB); this entry is the executable the two behavioral tasks actually ran, so it is the one to use when matching file hashes on endpoints. The ".pdf.exe" double extension is the lure: the file is an executable dressed up as a PDF attachment.
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer written in Visual Basic. It harvests credentials from browsers, mail and FTP clients and sends them out over SMTP, FTP or HTTP, which is why the extracted config above is a mail account.
AgentTesla Payload
Accesses Microsoft Outlook profiles (consistent with harvesting stored mail-client credentials)
Suspicious use of SetThreadContext (commonly seen when a loader writes a payload into a suspended process and redirects its main thread, i.e. process hollowing)