General
Target: 9bfe2c11d472fbbdec8e7b55e3f8661e33bf5982f849b05499d66014987e1569
Size: 301KB
Sample: 220521-cxpplaefd4
MD5: 9ee6f8516440f037588d34fc1aa64105
SHA1: 6eb119ada09832c03e8f7619c284b6755f1f8e7e
SHA256: 9bfe2c11d472fbbdec8e7b55e3f8661e33bf5982f849b05499d66014987e1569
SHA512: 2f2017da86d344131b7e0efd1bc0e138aa28a333ca52988afa8e570a099458161004cffdb9f415e618a0d812bebfe25f2974c74e56873490fcb098f22b8d23b3
Static task: static1
Behavioral task: behavioral1
  Sample: ORDER#5944395-pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: ORDER#5944395-pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Targets
Target: ORDER#5944395-pdf.exe
Size: 881KB
MD5: 5578bd24e91c617132e8a8d0a5219caa
SHA1: 4890cd06069deea13c871a6065ecd636ec1d5c8a
SHA256: c50b6d3d8c54a8026808011f937f25e8a820c31839668fa235b99c198fc9f0aa
SHA512: 237fd661117a2876629fa008ac0e699686d623211fba248b6f96e86d1aa94629f2e355f7e6ac5237eef541b007e1b1e79a426e43772bb33b5aedde2bd68ecba8
- AgentTesla
  Agent Tesla is a .NET-based remote access tool (RAT) and information stealer written in Visual Basic .NET; it harvests saved credentials from browsers, mail clients and other applications and exfiltrates them to an attacker-controlled server.
- AgentTesla Payload
- Executes dropped EXE
  The sample wrote a second executable to disk and then started it as a new process.
- Loads dropped DLL
  The sample wrote a DLL to disk and then loaded it into a process.
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation. Expect meaningless type and method names and flattened control flow when decompiling the assembly; the underlying Agent Tesla code is only reachable after deobfuscation.
- Accesses Microsoft Outlook profiles
  The sample read the registry keys under which Outlook stores profile and account settings, which include saved mail credentials. This matches Agent Tesla's credential-harvesting behaviour.
- Suspicious use of SetThreadContext
  SetThreadContext on a thread of another process is the characteristic step of process hollowing: a host process is created suspended, its memory is overwritten with the payload, the thread's entry point is redirected with SetThreadContext and the thread is resumed. The payload then runs under the name of the legitimate host binary.
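The behavioural signatures above are produced by rules run over the API-call trace recorded in the sandbox. The following Python script is an added example, not code from the report or from any sandbox product, showing the kind of logic behind four of the listed signatures (dropped EXE execution, dropped DLL loading, the SetThreadContext hollowing sequence, and Outlook profile access; the Agile.Net signature is a static check on the assembly and is not modelled). The trace format (one JSON object per line with pid, api and args fields), the argument field names, the process IDs and every event in the two traces are constructed for this example; the API names are real Win32/NT names, and the Outlook registry locations are the documented profile storage paths.

```python
import json

CREATE_SUSPENDED = 0x00000004   # CreateProcess dwCreationFlags bit


def outlook_profile_key(key_path):
    """True if a registry path points into Outlook's profile storage, where
    account settings (and saved passwords) live: the per-version Office key
    ...\\Office\\<ver>\\Outlook\\Profiles\\... or the older MAPI location
    ...\\Windows Messaging Subsystem\\Profiles."""
    p = key_path.lower()
    in_office = "\\software\\microsoft\\office\\" in p and "\\outlook\\profiles" in p
    return in_office or "windows messaging subsystem\\profiles" in p


def scan_trace(lines):
    """Run the signature logic over JSON trace lines; return triggered names.

    Signature names mirror the report; the matching rules are this example's own."""
    hits = set()
    dropped = set()     # lower-cased paths of executables the sample wrote
    suspended = {}      # child pid -> progress through the hollowing sequence
    for line in lines:
        ev = json.loads(line)
        api, args = ev["api"], ev.get("args", {})
        path = args.get("path", "").lower()
        if api in ("NtWriteFile", "WriteFile") and path.endswith((".exe", ".dll")):
            dropped.add(path)
        elif api == "CreateProcessW":
            if args["flags"] & CREATE_SUSPENDED:
                suspended[args["child_pid"]] = {"written": False, "ctx": False}
            if args["image"].lower() in dropped:
                hits.add("Executes dropped EXE")
        elif api == "LoadLibraryW" and path in dropped:
            hits.add("Loads dropped DLL")
        elif api in ("WriteProcessMemory", "NtWriteVirtualMemory"):
            st = suspended.get(args["target_pid"])
            if st:
                st["written"] = True            # foreign code placed in the child
        elif api == "SetThreadContext":
            st = suspended.get(args["target_pid"])
            if st and st["written"]:
                st["ctx"] = True                # entry point redirected after the write
        elif api in ("ResumeThread", "NtResumeThread"):
            st = suspended.get(args["target_pid"])
            if st and st["ctx"]:
                hits.add("Suspicious use of SetThreadContext")
        elif api in ("RegOpenKeyExW", "RegQueryValueExW"):
            if outlook_profile_key(args.get("key", "")):
                hits.add("Accesses Microsoft Outlook profiles")
    return hits


def _trace(events):
    return [json.dumps(e) for e in events]


# Constructed paths for the example; not taken from the analysed sample.
DROP_DIR = r"C:\Users\user\AppData\Roaming"
HOLLOW_TARGET = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"

# Constructed trace: the sample drops and runs a second EXE, loads a dropped
# DLL, reads the Outlook profile key and hollows a .NET host process.
SAMPLE_TRACE = _trace([
    {"pid": 1804, "api": "NtWriteFile", "args": {"path": DROP_DIR + r"\svc.exe"}},
    {"pid": 1804, "api": "NtWriteFile", "args": {"path": DROP_DIR + r"\helper.dll"}},
    {"pid": 1804, "api": "LoadLibraryW", "args": {"path": DROP_DIR + r"\helper.dll"}},
    {"pid": 1804, "api": "CreateProcessW", "args": {"image": DROP_DIR + r"\svc.exe", "flags": 0, "child_pid": 2100}},
    {"pid": 1804, "api": "RegOpenKeyExW", "args": {"key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"}},
    {"pid": 1804, "api": "CreateProcessW", "args": {"image": HOLLOW_TARGET, "flags": CREATE_SUSPENDED, "child_pid": 2212}},
    {"pid": 1804, "api": "NtWriteVirtualMemory", "args": {"target_pid": 2212, "size": 0x2A000}},
    {"pid": 1804, "api": "SetThreadContext", "args": {"target_pid": 2212, "tid": 2216}},
    {"pid": 1804, "api": "NtResumeThread", "args": {"target_pid": 2212, "tid": 2216}},
])

# Constructed benign trace: a debugger starts its debuggee suspended and sets
# the thread context, but never writes foreign code into the child first, so
# the hollowing rule must stay silent.
BENIGN_TRACE = _trace([
    {"pid": 900, "api": "CreateProcessW", "args": {"image": r"C:\dev\app.exe", "flags": CREATE_SUSPENDED, "child_pid": 3000}},
    {"pid": 900, "api": "SetThreadContext", "args": {"target_pid": 3000, "tid": 3004}},
    {"pid": 900, "api": "ResumeThread", "args": {"target_pid": 3000, "tid": 3004}},
])

if __name__ == "__main__":
    print(sorted(scan_trace(SAMPLE_TRACE)))
    print(sorted(scan_trace(BENIGN_TRACE)))
```

The hollowing rule deliberately requires the full sequence (suspended creation, a memory write into the child, SetThreadContext, resume) rather than firing on SetThreadContext alone, because debuggers and some installers legitimately use CreateProcess with CREATE_SUSPENDED followed by SetThreadContext; the "Suspicious" in the signature name reflects that the call only becomes meaningful in context.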