General
- Target: 9adcfc2110c78fd5852dd573d093c07189ca9c2eed5e81a154da484d01983511
- Size: 1.1MB
- Sample: 220521-m7zbwsdca7
- MD5: 4ff8f1aa91894f921db3f60454f772d5
- SHA1: b93050c84fc9d4a65d7cccdb6ee7f47f9408e4dd
- SHA256: 9adcfc2110c78fd5852dd573d093c07189ca9c2eed5e81a154da484d01983511
- SHA512: a90ba47283db9082f530bd6863b47fd25eb79b8a9b1e3390df37d595f4f74cd4ee6fefd1624a09ff3ea41964d979dde4de2315bdbe61c0ced8b82811c30e2f7f
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Transactions_PDF.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: Transactions_PDF.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted (agenttesla)
- Protocol: ftp
- Host: ftp://ftp.solarcenter.ro/
- Port: 21
- Username: webmaster@solarcenter.ro
- Password: RSv%AL{k~wATNN@ossyguru@00998877
Extracted
- Protocol: ftp
- Host: ftp.solarcenter.ro
- Port: 21
- Username: webmaster@solarcenter.ro
- Password: RSv%AL{k~wATNN@ossyguru@00998877
Targets
- Target: Transactions_PDF.exe
- Size: 1.5MB
- MD5: 956c30a878d472143586c3df89d5c85a
- SHA1: fc7c6c0991ebb37ee6f2651df14e172a3d5cbeaa
- SHA256: 10a594374e3751e758bf490955ed2651a25717209b5b65abe2d09997b27d9a74
- SHA512: 6a78f3e2ab748c986d59d71f286fc2509e2ce21f191a7d093c674cf6574656a0ba28a45d6e5ec37bb19be30298d9994d53c6b7a136ef1138791648ec1ffab935

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext