General
Target: ade4829af20fc019495244ff1e877e4cae630938dc706713b403c7a4f7714c35
Size: 822KB
Sample: 220521-n1n31sedf3
MD5: cddd642a825a7e909da747e8c443c4f7
SHA1: 1c45f6b9d0abae95d5c84de363b356846e72f175
SHA256: ade4829af20fc019495244ff1e877e4cae630938dc706713b403c7a4f7714c35
SHA512: a6057114b3c341133f62ff4e537a6e7c964317376c788edcc4afc57a78619813d350f3cfd062c1c468c4e5da676fdac0880afbe424ec94604b630b635419d729
Static task: static1
Behavioral task: behavioral1
  Sample: SHIPPING DOCUMENTS.PDF(248KB)..exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: SHIPPING DOCUMENTS.PDF(248KB)..exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.newalmawared.com
  Port: 587
  Username: ahmad@newalmawared.com
  Password: @Hd7049
Targets
Target: SHIPPING DOCUMENTS.PDF(248KB)..exe
Size: 769KB
MD5: d656e489710c8e9930af8ce7ab847a57
SHA1: eaa8fe32de65aba335cd98dd36b9cc766e2cd35b
SHA256: 537b1403f9e905dba7a2ae4a521b8655d09fff0208e19ac58ff6b2abaec2ea28
SHA512: b5753c623080ce3d4f5d1bf3c581f62c2801cd27e09bd0d81611760c7c7653c8e0d37388aa82d5e4b8cc736d46b5dc03b5fac6b077acc6209421d9653b2813fe

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext