General
- Target: 960cb20824a37a302d5741fc9d62e89852a3b9fe33a70f08ef136cc60def4705
- Size: 469KB
- Sample: 220521-mypq4afggp
- MD5: 3a0adc0009b659a108b8ddc3d7ea171c
- SHA1: 02d39c45d304208eb55d19e3efc1bf920324f2d9
- SHA256: 960cb20824a37a302d5741fc9d62e89852a3b9fe33a70f08ef136cc60def4705
- SHA512: 5707403516d3452457793f944834152de2cc5c6e92d0cf70322526fb4ea40e9e3e364c8dea7ffe6eb7ad8e162789dc0d7fcea1a9cf12f2acedad70832bdfb010
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 30072020.pdf.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: 30072020.pdf.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- agenttesla
  - Protocol: smtp
  - Host: mail.cjcurrent.com
  - Port: 587
  - Username: [email protected]
  - Password: jHb^rbR5d#(U
Targets
- Target: 30072020.pdf.exe
- Size: 772KB
- MD5: 13e7349fd6f9aaabb9a6f09c42a0740a
- SHA1: de355724a4a2f0f4a9abadd0112fbf48a71cbbe2
- SHA256: 176962cff7fd1726db08ef313eae338fbadcdcac32db1ef02dbd24434d2b8b4c
- SHA512: f3a58cddd74e19be7af7027a6f489869b58dd7f252f76ffefa23c3240d1bab9bb730e0909d60b37447fee6c5cbc71f08302384251b30dd02cee6fcf596a08e67
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext