General
- Target: 9be02466f6c9bd1268459fe1881f826122bdf366818031c2ce4b16de6a2df34c
- Size: 397KB
- Sample: 220521-cxrh7aefd6
- MD5: 3c7aff0f76484201e76328615b91cbff
- SHA1: dbaa7cf360e8ba48ede5e393dc151f43f44beacb
- SHA256: 9be02466f6c9bd1268459fe1881f826122bdf366818031c2ce4b16de6a2df34c
- SHA512: 1429c52dc7cf5f6e7a9a30c9aa5d0bb10610496b0a403f5223d8dc3325a8b7bc966b2f713c135f896cf5bef2cb0167bdce66dce1c307e5a42fa6a6a9b11d65f3
Static task: static1
Behavioral task: behavioral1
- Sample: ALPHA_PO_16201844580.pdf.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: ALPHA_PO_16201844580.pdf.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.cdldxy-cn.com
- Port: 587
- Username: [email protected]
- Password: SSzps(s5
Targets
- Target: ALPHA_PO_16201844580.pdf.exe
- Size: 457KB
- MD5: 052b59dc9ed3a1e410580bd0e6056b73
- SHA1: c4c9ff0c33fc18192409ecdc5c93e40228b2d687
- SHA256: 17bf4172650d0fbc833533880e7ed702fef86180f55c5a51d1f93d3c55f1577f
- SHA512: 3f766271808ba314759fa91297e090913513ced65cf13ff35e90ad869a959a30528a9ad1203fff4ed6694136a3e06a4bb861ec9015cb5e0720baf6c7033e8626
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext