General
Target: 0f9fb13c25c9c01def95df8c8015197bee9f5142f1f0791e697c51c6577f9e42
Size: 667KB
Sample: 220521-byfyeacff6
MD5: a4e1f4545eafd61319c64dc7d119da99
SHA1: f504f604bbb78ccbab5485134bdc1815b5ce81f6
SHA256: 0f9fb13c25c9c01def95df8c8015197bee9f5142f1f0791e697c51c6577f9e42
SHA512: 1b6ff7548d27b6ffa77545fa669303a29f5c95a9dfb57f47712eb17fca8aa41c95f4a8408592a1fe794e72da5273c1b8557904a4df325d1888db272ece909896
Static task: static1
Behavioral task: behavioral1
Sample: Detalles del pago.pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Detalles del pago.pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.trademaxperu.com
Port: 587
Username: [email protected]
Password: icui4cu2@@
Targets
Target: Detalles del pago.pdf.exe
Size: 908KB
MD5: cff942f8b8b7161e872910d0cc37d21c
SHA1: ff18633786e78743da40dee2c0af1c01c7119117
SHA256: 7953cff779759642a2cd5981662769249457f01c0c996c69c0b80d5439860c6a
SHA512: d4cc80ce02e1f50f94b4f35b4b42df7cba7cb1f173581e0d6a650c65c29e183049a9046811445eeaba12ffad9e13a12c828f3e5e5653e7d69c1f1d74ef16988d
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext