General
- Target: 6795a07c867f20fc16bcaed7a8fd1ff0390fa2dcd926ca6a4e8c9b27aa94b4c9
- Size: 409KB
- Sample: 220521-nf71dsggfr
- MD5: 1351a881f56e3d405f6a1ce470c456c0
- SHA1: 396e01b7202d08bb8304c68c59ce7f626c30fe1e
- SHA256: 6795a07c867f20fc16bcaed7a8fd1ff0390fa2dcd926ca6a4e8c9b27aa94b4c9
- SHA512: 6bac91b3e61674e5af766cdf6354aede65d99f5ada7d629bb674d6baa03e3c8c28c4654bd4ee8dcde478c43cb477d5fe36de32cfd613b7474e26b9c633db186d
Static task: static1
Behavioral task: behavioral1
- Sample: order#11520520_pdf.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: order#11520520_pdf.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.imatechwiring.com
- Port: 587
- Username: zappoh@imatechwiring.com
- Password: 2rldD]X4QNvq
Targets
- Target: order#11520520_pdf.exe
- Size: 507KB
- MD5: 470f80a9b3a8ba2d54ca509363602daa
- SHA1: 38c14c6b0a1bc83de9242d8c7aeb15e9f6c3359b
- SHA256: ede1cc754e047082946e0e3bdc5487406aa36881da14fc3f15fcf2d3265e8757
- SHA512: da60b321d237b4ae7a8a7a16dd63d46bbd03cbc1b26aa36d2893103d2ff8b271a5612cb091f90372ac86c3a9b276b3586515a307240539fcaf8b52f2e8637715
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext