General
-
Target
9e138c0189d5d9ee415cfe707418a60399d919ca8c62805541d50f001331535b
-
Size
360KB
-
Sample
220521-nenkcsdeh2
-
MD5
70f317241d3ade6a06021c74417304dd
-
SHA1
14698c331be8f82c142e48dd73c92c1d306af035
-
SHA256
9e138c0189d5d9ee415cfe707418a60399d919ca8c62805541d50f001331535b
-
SHA512
5787ea4261482fd7a2798bb253637212f3ad1bff1af5fe6e8d6606288692fc456227392267a87155d870fd493475f56f229f527d82751de4aadc4d2bf6443d86
Static task
static1
Behavioral task
behavioral1
Sample
Invoice.pdf...exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Invoice.pdf...exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.matrixas.in
Port: 587
Username: info@matrixas.in
Password: info2013
These are the operator's exfiltration mailbox credentials: the sample authenticates to this SMTP server and mails the stolen data to the same account, so the host, port and username are the network indicators to hunt for.
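The extracted SMTP config is only useful if it is turned into a check. The following is an added example (not part of the sandbox report) that parses mail-gateway log lines and flags any delivery matching the config above by destination host/port or by the config username appearing as MAIL FROM / RCPT TO. The tab-separated log format and the log lines themselves are constructed for illustration; only the config values come from the report.

```python
"""Match an extracted AgentTesla SMTP exfiltration config against SMTP gateway logs.

Added example, not part of the sandbox report. The config values below are
taken from the report's "Malware Config" block; the log format (tab-separated:
ts, src_ip, dst_host, dst_port, mailfrom, rcptto, subject) and the sample log
lines are constructed assumptions for illustration.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Indicator values from the report's extracted config (password omitted; it is not a log indicator).
AGENTTESLA_CONFIG: Dict[str, object] = {
    "protocol": "smtp",
    "host": "mail.matrixas.in",
    "port": 587,
    "username": "info@matrixas.in",
}


@dataclass(frozen=True)
class SmtpEvent:
    ts: str
    src_ip: str
    dst_host: str
    dst_port: int
    mailfrom: str
    rcptto: str
    subject: str


def parse_smtp_log(lines: Iterable[str]) -> List[SmtpEvent]:
    """Parse the assumed tab-separated format; skip comments and malformed rows instead of crashing."""
    events: List[SmtpEvent] = []
    for raw in lines:
        line = raw.rstrip("\n")
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != 7:
            continue
        ts, src, host, port, mailfrom, rcptto, subject = parts
        try:
            port_i = int(port)
        except ValueError:
            continue
        # Normalise case so host and address comparisons are not fooled by mixed case.
        events.append(SmtpEvent(ts, src, host.lower(), port_i, mailfrom.lower(), rcptto.lower(), subject))
    return events


def match_config(events: Iterable[SmtpEvent], cfg: Dict[str, object]) -> List[Tuple[SmtpEvent, List[str]]]:
    """Return (event, reasons) for every event that matches the extracted config.

    Destination host:port is the strongest signal; the config username as
    MAIL FROM or RCPT TO catches the same mailbox reached via another port.
    """
    host = str(cfg["host"]).lower()
    port = int(cfg["port"])
    user = str(cfg["username"]).lower()
    hits: List[Tuple[SmtpEvent, List[str]]] = []
    for ev in events:
        reasons: List[str] = []
        if ev.dst_host == host and ev.dst_port == port:
            reasons.append(f"dst {host}:{port} matches config host/port")
        elif ev.dst_host == host:
            reasons.append(f"dst host matches config host (non-config port {ev.dst_port})")
        if ev.mailfrom == user:
            reasons.append("MAIL FROM equals config username")
        if ev.rcptto == user:
            reasons.append("RCPT TO equals config username")
        if reasons:
            hits.append((ev, reasons))
    return hits


# Constructed sample log: one clear exfil attempt, one benign mail, one off-port
# delivery to the same mailbox, and one malformed row the parser must tolerate.
SAMPLE_LOG = [
    "#ts\tsrc_ip\tdst_host\tdst_port\tmailfrom\trcptto\tsubject",
    "2022-05-21T10:01:05Z\t10.0.0.15\tMail.matrixas.in\t587\tinfo@matrixas.in\tinfo@matrixas.in\tconstructed subject 1",
    "2022-05-21T10:02:11Z\t10.0.0.22\tsmtp.example.com\t587\tjane@example.com\tbob@example.com\tRe: invoice",
    "2022-05-21T10:03:40Z\t10.0.0.15\tmail.matrixas.in\t25\tnobody@example.com\tinfo@matrixas.in\tconstructed subject 2",
    "bad line",
]


def scan(lines: Iterable[str] = SAMPLE_LOG, cfg: Dict[str, object] = AGENTTESLA_CONFIG):
    """Convenience wrapper: parse then match."""
    return match_config(parse_smtp_log(lines), cfg)


if __name__ == "__main__":
    for ev, reasons in scan():
        print(f"{ev.ts} {ev.src_ip} -> {ev.dst_host}:{ev.dst_port} | " + "; ".join(reasons))
```

Run against the constructed log this flags the two deliveries from 10.0.0.15 and ignores the benign mail; in practice feed it the SMTP log of the gateway or the Zeek smtp.log fields mapped into the same columns, and treat a MAIL FROM / RCPT TO match as the durable indicator, since the operator can move the mailbox to another server without changing the account.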
Targets
-
Target
Invoice.pdf...exe
-
Size
539KB
-
MD5
fa0c9ce3695691566ec8fbba088433c6
-
SHA1
1b5693cbe7521087c8bb5b46a8706edb71b037a4
-
SHA256
93c807a2fb8dff5a30d9f860f1eb98304d8303f8fff4c53c98870201d6d3eb68
-
SHA512
b3bb49000f13d18163d685905384b7acbca9b165cc009b53830c7f567b5c9f762fb6c6d1c08036db774265c1048d3e62b6ca198253a37a8a5a19adcffac4c57a
-
AgentTesla
Agent Tesla is an information-stealing remote access tool (RAT) written in .NET (Visual Basic .NET). It harvests saved credentials, keystrokes and clipboard contents and sends them to an operator-controlled mailbox or server over SMTP, FTP or HTTP; the SMTP credentials in the extracted config above are that exfiltration channel.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles (reads the Outlook profile registry keys to recover stored mail account credentials)
-
Adds Run key to start application (persistence via a Run key under the registry's CurrentVersion key, so the binary is relaunched at logon)
-
Suspicious use of SetThreadContext (commonly seen when a payload is injected into a suspended process and its entry point redirected, as in process hollowing)
-