General
Target: 87d9c2119cc14f0975e6ec70d73793be9fd8abbda1d0b25979dab2d2cbabbf91
Size: 441KB
Sample: 220521-d8gc2ahab7
MD5: 4ef2c48223f9cea211f1c8c062a77b5a
SHA1: b2439ae929d9db64c8d6550315ef463fbd0f1e3a
SHA256: 87d9c2119cc14f0975e6ec70d73793be9fd8abbda1d0b25979dab2d2cbabbf91
SHA512: 3b8ad0d33d4280926a0967396a7173a38d55aebbc6589dd98c6a6893e712aca897e07a11bad18ec10fc452bd6ea303a22b79d67dd413021c964a39cd65929479
Static task: static1
Behavioral task: behavioral1
  Sample: 0900009900pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 0900009900pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp - Host: smtp.yandex.com - Port: 587 - Username: [email protected] - Password: chukwudi123
Targets
Target: 0900009900pdf.exe
Size: 539KB
MD5: ff69f59ae77ee39cafdb4e7efb4accd7
SHA1: 998f7ed69e24b27371151aeb3d953643c8566878
SHA256: ed1aa53c89a6250abd5ec84f8458338150b89ba617d4ca9b8d1583658a2b44ef
SHA512: a457ce644c81831d757c7737364a22291c7db2194f457ea92f9de6a9560e25d12e9164b94dbd8b4048b7ed65d122b55944ce6212fb1f12d1ccb5c00693487b27
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Signatures
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext