General
Target: a0690460355704ff1a35f16f907ed3d4af190b150e8579e70984c0ee484ece8c
Size: 329KB
Sample: 220521-cwv5zshfgj
MD5: f65099b3ee5e47b049a1191b54ec8508
SHA1: ca806be4311666eb42ed6cae1702c0cef0cd6eda
SHA256: a0690460355704ff1a35f16f907ed3d4af190b150e8579e70984c0ee484ece8c
SHA512: d7ec23fa614bbd3c695d2957740760dbd452cfb5726351d73fd545535d563b70ed33e5de179c4bc6635db1830d8936a5dd99b1625a895fe54b46effd6338129b
Static task
static1

Behavioral task
behavioral1
Sample: PEDIDO#4965832-pdf.exe
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: PEDIDO#4965832-pdf.exe
Resource: win10v2004-20220414-en
Malware Config

Targets
Target: PEDIDO#4965832-pdf.exe
Size: 766KB
MD5: cd53bb5a8efb8397089db59307b51406
SHA1: b6749766413cdd7a7c6b58bb1d596a6d4478e1a4
SHA256: d44272fe83f10383b50e8268ffe5f7f70e1c2b355363ccde038172f6a9eb5479
SHA512: 5931d2c2966e2ca76ac307d4742acc2847da04bceaf02475e2d9bf0b3e081aeed4bb5caf2396a417bc3194cf6cda4c3d6b38538e75cb5a32a934e6ab62004f41
Note that this 766KB executable has different hashes from the 329KB object listed under General; the submitted object and the analysed target are two distinct files. The name "PEDIDO#4965832-pdf.exe" uses a "-pdf" suffix before the real .exe extension so that it reads as a PDF in a file listing that hides extensions.

Signatures
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer written in Visual Basic.

AgentTesla Payload

Executes dropped EXE

Loads dropped DLL

Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

Accesses Microsoft Outlook profiles
Outlook profile data (stored mail account settings and credentials) is read from the registry under HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles; this is consistent with Agent Tesla's credential harvesting.

Suspicious use of SetThreadContext
SetThreadContext called on a thread of another (typically suspended) process is a common step in process hollowing and similar injection, where the thread's entry point is redirected into attacker-written code.
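As an added example, not part of this report or of the sandbox's own tooling, the following Python script turns the hashes above into a small offline triage check: it hashes an arbitrary file with all four algorithms in one pass, matches the result against the IOC set copied from this page, and flags the "document word before an executable extension" naming trick used by the sample. The IOC values are the ones listed above; the masquerade heuristic (EXEC_EXT, DOC_WORDS) is an assumption of this example, and the payload bytes in the demo run are constructed, not the real sample.

```python
"""Triage helper: match a file against the IOCs from the sandbox report above
and flag double-extension masquerading such as 'PEDIDO#4965832-pdf.exe'."""
import hashlib
import re
from pathlib import Path

# IOCs copied from the report: the submitted object and the analysed executable.
IOCS = {
    "submitted sample (329KB)": {
        "md5": "f65099b3ee5e47b049a1191b54ec8508",
        "sha1": "ca806be4311666eb42ed6cae1702c0cef0cd6eda",
        "sha256": "a0690460355704ff1a35f16f907ed3d4af190b150e8579e70984c0ee484ece8c",
        "sha512": "d7ec23fa614bbd3c695d2957740760dbd452cfb5726351d73fd545535d563b70ed33e5de179c4bc6635db1830d8936a5dd99b1625a895fe54b46effd6338129b",
    },
    "PEDIDO#4965832-pdf.exe (766KB)": {
        "md5": "cd53bb5a8efb8397089db59307b51406",
        "sha1": "b6749766413cdd7a7c6b58bb1d596a6d4478e1a4",
        "sha256": "d44272fe83f10383b50e8268ffe5f7f70e1c2b355363ccde038172f6a9eb5479",
        "sha512": "5931d2c2966e2ca76ac307d4742acc2847da04bceaf02475e2d9bf0b3e081aeed4bb5caf2396a417bc3194cf6cda4c3d6b38538e75cb5a32a934e6ab62004f41",
    },
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data):
    """Return all four digests of a byte string, hex-encoded, keyed by algorithm."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def hash_file(path, chunk=1 << 20):
    """Stream a file through all four hashers in a single pass (for large samples)."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_iocs(digests, iocs=IOCS):
    """Return (label, algorithm) for every report hash that equals a computed digest."""
    hits = []
    for label, known in iocs.items():
        for algo, value in known.items():
            if digests.get(algo, "").lower() == value.lower():
                hits.append((label, algo))
    return hits


# Heuristic (an assumption of this example): executable extensions that should not
# sit behind a document-looking name fragment such as '-pdf' or '.pdf'.
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".ps1"}
DOC_WORDS = re.compile(r"[-_. ](pdf|doc|docx|xls|xlsx|jpg|png|txt)$", re.I)


def is_masquerading(filename):
    """True for names like 'PEDIDO#4965832-pdf.exe' or 'invoice.pdf.exe'."""
    p = Path(filename)
    return p.suffix.lower() in EXEC_EXT and bool(DOC_WORDS.search(p.stem))


def triage(filename, data):
    """Combine hashing, IOC matching and the naming check into one verdict."""
    digests = hash_bytes(data)
    return {
        "hashes": digests,
        "ioc_hits": match_iocs(digests),
        "masquerade": is_masquerading(filename),
    }


if __name__ == "__main__":
    # Constructed stand-in bytes; a real run would call hash_file() on the sample.
    verdict = triage("PEDIDO#4965832-pdf.exe", b"constructed placeholder, not the real sample")
    for key, value in verdict.items():
        print(key, value)
```

For a file on disk, pass hash_file(path) to match_iocs() instead of hash_bytes(); hashing once with all four algorithms avoids re-reading a large sample per hash. A hit on any single algorithm is enough to confirm identity with the report's target, while the naming check stands on its own and will also fire on related lures that have been recompiled and therefore carry fresh hashes.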