General
Target: 222dc9a4a007d7a4931d1f47fbda1c456bcc7b63120661dc37faa94d5b05b279
Size: 1002KB
Sample: 220521-mm9bcsfbgr
MD5: 6b6836b71b73323f7a16589df749b0bd
SHA1: 131dfa76e83a2d5f959ea02e5fac063fea288ec0
SHA256: 222dc9a4a007d7a4931d1f47fbda1c456bcc7b63120661dc37faa94d5b05b279
SHA512: 3d9b42b0e828e7b8220d77ad7db3135b09eb20afc02832ae8e8fd54b713ff2e701229cce0a9cad52196833b71b976b8f38cb956cc0e398924fa6366853763222
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: Transactions_PDF.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Transactions_PDF.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted (agenttesla)
  Protocol: ftp
  Host: ftp://ftp.solarcenter.ro/
  Port: 21
  Username: [email protected]
  Password: RSv%AL{k~wATNN@ossyguru@00998877
Extracted (agenttesla)
  Protocol: ftp
  Host: ftp://ftp.solarcenter.ro/
  Port: 21
  Username: [email protected]
  Password: RSv%AL{k~wATNN@ossyguru@00998877
Extracted
  Protocol: ftp
  Host: ftp.solarcenter.ro
  Port: 21
  Username: [email protected]
  Password: RSv%AL{k~wATNN@ossyguru@00998877
Targets
Target: Transactions_PDF.exe
Size: 1.4MB
MD5: 719651a5704d90840383ffdbc52f6034
SHA1: c8a0833be3b2eace573afb47478368dc909ce94e
SHA256: c5c2b440e9d6a0b947db4f5769fd36c844c107db1df8e05f2a06104c4462c95a
SHA512: c6f14d35378ebf29562fdfe4de5edbec8cb3edbc52a5e64711e8f6d12f687481304a59804217e7fe6de792ee7313f67d348c907f59cbf0ce07e784b301304d3c
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext