General
Target: 5a54d6b38525684c571bb59b0b3311683378f0c689e6180a1aa9c72b1c83fe8e
Size: 496KB
Sample: 220521-my4j9acga2
MD5: 98a5df64908e8b909f441726ecc6c960
SHA1: 3f85006c6836aa03776180ef1b3808a6ab53b9a3
SHA256: 5a54d6b38525684c571bb59b0b3311683378f0c689e6180a1aa9c72b1c83fe8e
SHA512: bddc526f51c7c9d8c6a58300c7f02523ba67ed98aea0513a4c8e7fccd3a9b9208fc70b2ebce9a9e2325987c14baf6a5cf6945e11e89f1fa79083f2b5c7016ef1
Static task: static1
Behavioral task: behavioral1 (sample PDF FILE.exe, resource win7-20220414-en)
Behavioral task: behavioral2 (sample PDF FILE.exe, resource win10v2004-20220414-en)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.wingsofmusic.com.au
Port: 587
Username: [email protected]
Password: smithsteve222
This is the mailbox the sample uses to exfiltrate stolen data over SMTP submission (port 587). The host and port are usable as network indicators; the credentials are attacker-controlled (possibly a compromised legitimate mailbox) and should not be mistaken for a victim account.
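The extracted SMTP settings are the most actionable indicator on this page. The following is an added example, not code from the report or the sandbox, showing how to turn them into a detection over endpoint-firewall logs. The log format, the KNOWN_MAIL_CLIENTS list, the host names WS01..WS03 and the address 203.0.113.10 are assumptions made for the example; the log lines are constructed. The second rule generalises beyond this one config: the exfil mailbox changes per campaign, but a non-mail-client process opening port 587 is suspicious regardless of destination.

```python
"""Hunt for AgentTesla SMTP exfiltration using the extracted config as a network IOC."""
import re
from typing import Dict, List, Optional, Tuple

# Network indicator taken from the extracted AgentTesla config above. The
# mailbox password is deliberately left out: host and port are all a detector needs.
AGENTTESLA_SMTP_C2 = {"host": "mail.wingsofmusic.com.au", "port": 587}

# Processes expected to open SMTP submission (587) connections. Assumption for
# the example; tune it to the real mail clients in the estate.
KNOWN_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed endpoint-firewall log lines for the example, not real telemetry.
# 203.0.113.10 is a documentation-range address, not a real server.
SAMPLE_LOGS = [
    '2022-05-21T10:14:03Z host=WS01 proc="PDF FILE.exe" pid=4120 dst=mail.wingsofmusic.com.au dport=587 proto=tcp',
    '2022-05-21T10:14:05Z host=WS01 proc="outlook.exe" pid=2208 dst=smtp.office365.com dport=587 proto=tcp',
    '2022-05-21T10:15:17Z host=WS02 proc="chrome.exe" pid=884 dst=www.example.com dport=443 proto=tcp',
    '2022-05-21T10:16:40Z host=WS02 proc="svchost.exe" pid=1300 dst=MAIL.wingsofmusic.com.au dport=587 proto=tcp',
    '2022-05-21T10:17:02Z host=WS03 proc="PDF FILE.exe" pid=5012 dst=203.0.113.10 dport=587 proto=tcp',
    'garbage line that does not parse',
]

LOG_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) proc="(?P<proc>[^"]*)" pid=(?P<pid>\d+) '
    r'dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\S+)$'
)


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one log line into a dict; return None for lines in another format."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec: Dict[str, object] = dict(m.groupdict())
    rec["dport"] = int(m.group("dport"))
    return rec


def classify(rec: Dict[str, object], c2=AGENTTESLA_SMTP_C2) -> Optional[str]:
    """Return why a connection is suspicious, or None if it looks benign."""
    dst = str(rec["dst"]).lower()
    proc = str(rec["proc"]).lower()
    # Rule 1: exact match on the C2 from the extracted config (case-insensitive host).
    if dst == c2["host"] and rec["dport"] == c2["port"]:
        return "connection to known AgentTesla SMTP C2"
    # Rule 2: campaign-independent heuristic, SMTP submission from a non-mail-client.
    if rec["dport"] == c2["port"] and proc not in KNOWN_MAIL_CLIENTS:
        return "SMTP submission (587) from a process that is not a mail client"
    return None


def scan(lines: List[str]) -> List[Tuple[str, str, str, str]]:
    """Return (endpoint, process, destination, reason) for every suspicious line."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable lines are skipped rather than crashing the scan
        reason = classify(rec)
        if reason is not None:
            hits.append((str(rec["host"]), str(rec["proc"]), str(rec["dst"]), reason))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(" | ".join(hit))
```

Run against the constructed lines, the scan flags three connections: the sample itself and a hollowed svchost.exe reaching the configured C2, and the sample reaching a different host on 587; Outlook's own submission traffic is left alone.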
Targets
Target: PDF FILE.exe
Size: 799KB
MD5: 1277b04db5572984362d8bbcf44ecd30
SHA1: 7102aa04317c7cf6928629d37413b92a9b09961c
SHA256: af128a2f0cd31637c0ecc78b9c8b8be7017db9b34b5adfdafaea83c5eeff8eeb
SHA512: 50916e4aab4d7e2fdee4b1a11360e3321033ea9ab1b38a8c75b26e670a44bd31be5b4def820401547f918f397423ca8ae57f889ab83340aa7bc7e0213a87b9a9
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer, written in Visual Basic .NET; it harvests saved credentials and keystrokes and sends them out over SMTP, FTP or HTTP, which is what the extracted SMTP config above is for.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles (used to harvest stored mail credentials)
- Adds Run key to start application (registry Run-key persistence)
- Suspicious use of SetThreadContext (commonly used for process hollowing / RunPE injection into a legitimate host process)