General
- Target: 9a73ca0ac130eedbcd7e9ff4d9a07bef45722fe49ef873da039ab00ad126e55e
- Size: 559KB
- Sample: 220521-m4z41sdad7
- MD5: 1ad8adaec9a7fad7dc4fe9d4b3e90420
- SHA1: 92924a3fb995815d3e9629cb81cc171ee319419b
- SHA256: 9a73ca0ac130eedbcd7e9ff4d9a07bef45722fe49ef873da039ab00ad126e55e
- SHA512: 4cbb0806e84d3b145b3f6510cfa514ba9faa72207b2170b6e28257b3212d404f973ebc96d4c47fb937e77a774e42145a703eb43bd555d539c33f333116a12e67
Static task: static1
Behavioral task: behavioral1
- Sample: Authorized Docsx-1011279_pdf.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Authorized Docsx-1011279_pdf.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.samco-sg.com
- Port: 587
- Username: [email protected]
- Password: @NNiiSl4
Targets
- Target: Authorized Docsx-1011279_pdf.exe
- Size: 958KB
- MD5: 2859536d947d374208b75ab68c3a89ec
- SHA1: bc79eaecfe58b2f0c0e65b96ac8df676bba914a3
- SHA256: 5d8edb52dabb7850b75a9bf3f899756425401e26b221fba7117c9627ae844590
- SHA512: ae128ad0d5c95e23bf7fb2542d87a4b1248ada569f8e84a77bf4fe5d1f3cd0cd873c9a831a52dc2da2c4f65d6eb7c983f6accb5934779f79e2179d1ad795e85a
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext