General
-
Target
19cb6d1c886c1a25d295655bb0086ee4ace88a193df125fe580711da0cdf85b3
-
Size
450KB
-
Sample
220521-ncdmdaddg6
-
MD5
1d137bf60fb33d9cf35d3d9fdf70f084
-
SHA1
67065abdc303ef931e32b80931ab16a5a7e60cc9
-
SHA256
19cb6d1c886c1a25d295655bb0086ee4ace88a193df125fe580711da0cdf85b3
-
SHA512
17901fe97475b00812a04c7b9266c78e671491ff79392b04705e4fd227f73516245410d0a83aa3b619031ed456b9140630fc4628c42c1ace1e80b7472eda0bb3
Static task
static1
Behavioral task
behavioral1
Sample
REMITTANCE ADVICE IF011200022823419.pdf - Copy (2).exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
REMITTANCE ADVICE IF011200022823419.pdf - Copy (2).exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.stankovic.hr
Port: 587
Username: info@stankovic.hr
Password: mp58zg
Targets
-
Target
REMITTANCE ADVICE IF011200022823419.pdf - Copy (2).exe
-
Size
609KB
-
MD5
c12557a3d973d45b602fbc8784fd8b75
-
SHA1
321569bcfe34e7c751f1efef818d7b2d1337790a
-
SHA256
50bca33857f38988e44abdd9542f348a2f5c4f499822a7eb37b58273b0fecb75
-
SHA512
6cae6fc81ad2f3e4b25e8d793378a2956207f95064c0f00ab86d5c8a2fcfc1214e1eaf28317e10f8cf3c08ebd6eac35f87a6de7254416d8095ab162ca5ec033e
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-