General
- Target: f1f8f546be67cb6b305f9becb9626603ff43236e14efe49520fa712a051662ae
- Size: 381KB
- Sample: 220521-bl3xeafbal
- MD5: cbf3c41a595c04b91cfbc987e563cb83
- SHA1: c5e1db705368a7cc458e4185f8bed895b4230a15
- SHA256: f1f8f546be67cb6b305f9becb9626603ff43236e14efe49520fa712a051662ae
- SHA512: 35a43196bdd20fe95b0dcb3aeaebca91fffc9980251393a4d2bc5a310aa2835dbd8f32b90cfdcc58cb21a85e4b92052d46d2bcb47b68a03871b5e930ea5e72e5
Static task: static1

Behavioral task: behavioral1
- Sample: NEW PO FROM MARUYAMA (SHANGHAI) TRADING CO.,LTD QTTY.pdf.exe
- Resource: win7-20220414-en

Behavioral task: behavioral2
- Sample: NEW PO FROM MARUYAMA (SHANGHAI) TRADING CO.,LTD QTTY.pdf.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: H(FPf]j;OgNA
Targets
- Target: NEW PO FROM MARUYAMA (SHANGHAI) TRADING CO.,LTD QTTY.pdf.exe
- Size: 422KB
- MD5: 22b8dfd2f7f440d02820e297db00f6dc
- SHA1: 9372f127397aac0822881e5136252a5c9dbe0c28
- SHA256: 227edfe5a3f405840f8be7a96d205ddbd66707829e0118f049f2917d28d2b142
- SHA512: eed77a4ae01e1e1e00577efb11a0a32612e51b6b0e2d4289eda71641bcb7af7e60b8dbea403ec504faef4dc6ae57796e7e724870e69f65ca4864ebd5c7191804
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext