General
Target: 0d52507084f726b46e643eea8661c97e96fe32d094f214bee4cd1dd6419a90d3
Size: 802KB
Sample: 220521-n379nshfhr
MD5: 35548bd08997150c7ea3f219bbc37f81
SHA1: 19dcf46f727fb734b7e21c459363d9f78c587974
SHA256: 0d52507084f726b46e643eea8661c97e96fe32d094f214bee4cd1dd6419a90d3
SHA512: 49a69982659bf6544747596d60850d1eb9d2919e2ba88a19659a8b9593829e3c4e29e381f49cae847a55428a20dba1368a67171dcbf9e8359576c4672dcad11a
Static task: static1
Behavioral task: behavioral1
  Sample: PO #04289 confirmation Order-Jun-2020.pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: PO #04289 confirmation Order-Jun-2020.pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.yandex.com
  Port: 587
  Username: [email protected]
  Password: Loverboy123
Extracted
  Protocol: smtp
  Host: smtp.yandex.com
  Port: 587
  Username: [email protected]
  Password: Loverboy123
Targets
Target: PO #04289 confirmation Order-Jun-2020.pdf.bat
Size: 742KB
MD5: 7b96f0538d245bfe7a61c50ec66a73eb
SHA1: e9e29a5b956c7fc5a5986562557909020faab7b9
SHA256: ba30aa707120fb8a73c2e367ca519aa6fd38a83dc74680eeada79a25f5ef2800
SHA512: a7ae5ef2dfccbc940b7aed8443ada3fb5b43150e92c4e8cc895014b38268ff290a7aad1ac3ce6d3f793245b76a18baf13a1a2958ba01b9ea65114873135a7610
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Drops startup file
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext