General
Target
9a537188a27a36cf4afac025aa4c31f18de5c3a00bcf10dd72c52fe5a9450ec3
Size
555KB
Sample
220521-cx37zsefe6
MD5
31f9924dc8fd5ae299d524e43aa04e6b
SHA1
4d8e7128803a8f4a661e7577f34cb42b5b06423f
SHA256
9a537188a27a36cf4afac025aa4c31f18de5c3a00bcf10dd72c52fe5a9450ec3
SHA512
a8fa767bd262e8f6fc8bb7b5a7f958014cb37ddc99a1245ee80150510d30e5ce9ed55015cd40932b772d6d977b709a32c7a3c910ca91900a4b01e9aa723282aa
Static task
static1
Behavioral task
behavioral1
Sample
RFQ-NNC29720M7493.pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
RFQ-NNC29720M7493.pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: opjis0123
Targets
Target
RFQ-NNC29720M7493.pdf.exe
Size
754KB
MD5
51cbc6e6f5b6ffa79a424885a3fb067a
SHA1
96c437e371319b11df7793b4f75808f9a983f03b
SHA256
174229f02ec49094835e609fe32d2985382603a64a990dfe23dd2d71a3f0a00a
SHA512
62318f69ed0c27d2ffdd1e0dca936d03ee7f44998e7a8233b4f7c0238644f7269a57220867ccce1b14c5b40c32587b0fb7aab378d97fc6bddd9f801717c90dd1
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext