General
Target: ed45438c19f297a8dda33de27cf5f59feb88a9c5ef2f03cd85bda39058e15609
Size: 977KB
Sample: 220521-m68tyadbf5
MD5: 4fcf0cb52fde60a65a1cc53acbfb15cc
SHA1: c53981ea9bf241d09c47574cfd8d83b9d4e14dc3
SHA256: ed45438c19f297a8dda33de27cf5f59feb88a9c5ef2f03cd85bda39058e15609
SHA512: deb240207523b6da6958c9f93826970583444c74efefdf74edd8af379c4a5eb3170f182948bc02df1d2d3b3044a77ef2499302ed224a7efc954c4867f6ac4cc7
Static task: static1
Behavioral task: behavioral1
Sample: Payment Invoice.pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Payment Invoice.pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.hotel71.com.bd
Port: 587
Username: [email protected]
Password: 9+^va&phP1v9
Targets
Target: Payment Invoice.pdf.exe
Size: 1.4MB
MD5: f6594eaa4510195f73fdf4142ab47064
SHA1: 1db9d3fb0a3de540faf7219aadd59c353783142b
SHA256: 3af7267092a489852be03a8e4d7af1be12d01a34122808c59a5aca1780926e2d
SHA512: d3be1a6527d20851ce1bd91cefbba13e2111f2eabf28af0c88caf76d36e73b58c599ce68dd8f4475a553b5deb6cf8e765041fcb49c5b7113e0b812a5a3bb5c41
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Drops startup file
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext