General
-
Target
e51697b7fd49eeef3df1aebfeb1b6957d519a9527db26bd86a28c6a348c364d0
-
Size
558KB
-
Sample
220521-n5c7bahgep
-
MD5
8fec13b90afa60f0fa67e6f798c2d0b8
-
SHA1
e9b0012d9ce628dc814a118f3c61aec4a5751c11
-
SHA256
e51697b7fd49eeef3df1aebfeb1b6957d519a9527db26bd86a28c6a348c364d0
-
SHA512
1f3fcdece6cd103b327c26773c980fb55a7d17c61663e55e90381c2c600eea46de010c4660ecec64f267306523f584887293cc5cfd021b4f63fd0438cfbd247e
Static task
static1
Behavioral task
behavioral1
Sample
orden de compra_pdf___________________________________.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
orden de compra_pdf___________________________________.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.erneralduae.com
Port: 587
Username: [email protected]
Password: nEV!EZo2
Targets
-
-
Target
orden de compra_pdf___________________________________.exe
-
Size
604KB
-
MD5
d8538f1204d04e2c8e3fbea7f37f247e
-
SHA1
c0f2b8a3b6195571713c71d7b18543eed3bfaced
-
SHA256
6acc6132e2b715d36c680d06959661bc650756f8b464a5bc5bcdd8e6faa07a55
-
SHA512
b112aa43fd24be88bc85f111fe82a53827c57dc3dd0e5f6e348f09f51ba1b0298a77ed65769927257da95be85a56ac07446fec00bc38e02796213d973e6d482e
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-