General

Target: 6a63819738385d60f583acfbcb69a59b90ea4b47924a60df0f4c52467bc7ffbc
Size: 376KB
Sample: 220521-ne94csggbq
MD5: 178ba2fd23ecdcdcdb1714b9723d2e46
SHA1: d592abf9fd5b3a16f6a2d8eace70fa4cf70bf06b
SHA256: 6a63819738385d60f583acfbcb69a59b90ea4b47924a60df0f4c52467bc7ffbc
SHA512: e4da042a71f8e2bf7e4a1c9583f06b123381ee87242a255a5da7a721afbf364beee636da334aed37f6c9d32ece0e2776c6148a668cc4c2986b736008a9945b02
Static task: static1

Behavioral task: behavioral1
Sample: AO-202005_pdf.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: AO-202005_pdf.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.parshavayealborz.com
Port: 587
Username: [email protected]
Password: P@rshava123456
Targets

Target: AO-202005_pdf.exe
Size: 425KB
MD5: b4fa8f2e8f3d1d6f0f623320ffe2c3a4
SHA1: 94eaad01c0a72e5667b07946046d17f9130484d9
SHA256: 81534a23f49b6824f8330f9e4943dcfcc6b4acc6ff71b31d729aaa889ec72083
SHA512: 102b19aa1dde858cd2fffe1b1645cc1331d227eb55db2ddc5f43584ea75fe356f94ff9f285d8721380a587edb026c462a79ea49ed7b875b63461d1b571305614
AgentTesla

Agent Tesla is a remote access tool (RAT) written in Visual Basic.

- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext