General
- Target: 0e2b8c15073203aa186b29ea0e28756fcb24142e06f250ac239fab874b2aa6c8
- Size: 411KB
- Sample: 220521-mh4v3sfaan
- MD5: 9bccd5a3397fb57e46d178ed80e9d252
- SHA1: c3ce48f586255ca7d5863287491be929c2b48bf1
- SHA256: 0e2b8c15073203aa186b29ea0e28756fcb24142e06f250ac239fab874b2aa6c8
- SHA512: c9e01055b9c97b6abb866e5084a893b067d0a73fb73a8f7038febc170e703f28101bf4f69734d3704bffa9c4bd83e70d2eae8a463dddfc7f59b44cbcbd7f60cc
Static task: static1
Behavioral task: behavioral1
- Sample: SC# 84979926 Cargo Delivery .PDF.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: SC# 84979926 Cargo Delivery .PDF.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.wingsofmusic.com.au
- Port: 587
- Username: [email protected]
- Password: smithsteve222
Targets
- Target: SC# 84979926 Cargo Delivery .PDF.exe
- Size: 422KB
- MD5: cb2020c0a4af9cd7863865eaded84136
- SHA1: ff3f2511f16c9ca7f58c24abb779afd4a8cf09c9
- SHA256: 097a63aa1a0f265f5ae61c25a5bf1c33f6d376969efea2e5beea2a33d20cf169
- SHA512: 3bfa65578b284748da6d0a7b6ab77f5457b8edc35ad45786a9d6245443ff1c7e80e984a8f4fe376ef46ee06ca1272e25a3b46bae0b71e99184a3e1300e99627e
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext