General
Target: 8fda52f73cd2d5afb8f9690c32b0f6fceea0b4e987e0f3eeb8f7bad28c09ec4a
Size: 998KB
Sample: 220521-mna5yscag3
MD5: 08699b9d8a898ad30283f153d88112dd
SHA1: a283196cb9527a4afef63b10838aee2cea687369
SHA256: 8fda52f73cd2d5afb8f9690c32b0f6fceea0b4e987e0f3eeb8f7bad28c09ec4a
SHA512: 11c1250db31a3b70ab63aeb733d02f5bb0db86cf86936f3f5e0b0e6f5c968b848ff8c963681f8dabcb5d25330c23ed0272c406f5916f569beaab16b9c28a5234
Static task: static1
Behavioral task: behavioral1
Sample: 04_NPWP_UPS_New.pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 04_NPWP_UPS_New.pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp - Host: smtp.yandex.com - Port: 587 - Username: [email protected] - Password: chiamaka1991
Extracted
Protocol: smtp - Host: smtp.yandex.com - Port: 587 - Username: [email protected] - Password: chiamaka1991
Targets
Target: 04_NPWP_UPS_New.pdf.exe
Size: 1.4MB
MD5: 20ca3c8f4c2e61ecaff359c3bc1f36aa
SHA1: b86e321f771bedf710ef0b60c16f5497cab6f9e4
SHA256: 8a0920234df83e922801ad172d8cfb396cd931c406f64006a2d52e18622414c5
SHA512: 76eeb8c3813d6e40ceb672ebc6626fb8a44fe48d59284063a14379460e92ba900d8dd4d1fd67bb7cc3fdabe7a4b07ce7da4b6c1fc091a8c756e2f33690b1227c
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext