General
Target: 35f13608341f1ac8abc7f356f741937585471c29d16d41b6237696e0bf789817
Size: 442KB
Sample: 220521-npep7shbap
MD5: 450e4f7c8e164121d9b565dc4959efa9
SHA1: 9d9f40babc908fa0429bc640cf85defb19701ba3
SHA256: 35f13608341f1ac8abc7f356f741937585471c29d16d41b6237696e0bf789817
SHA512: 36e5cab374a0812c0978429f8b46eeb5dbdd772e1e27e380a39ab58636c16dc5895ef671e782ec140c9d386f37364f63bf5ba3bcc5372e1af47f4a44b2b45e97
Static task: static1
Behavioral task: behavioral1
Sample: Overdue soa 06 2020.pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Overdue soa 06 2020.pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.ionos.com
Port: 587
Username: sales@proexpertint.com
Password: temp20182019
Targets
Target: Overdue soa 06 2020.pdf.exe
Size: 677KB
MD5: 7f32a6b1138fec66336ca5c7bbf6cc93
SHA1: da12385adafac70c7caa3bec7f998b433027f374
SHA256: afaf0481a3bf179c2371debc03ca52aebc43863ce150bbaba694183a88fbf33e
SHA512: f75666d7181279a87fda6cae8ad3eab4bd8c951701083b3dac6c69153aa23a5503eb5011bb9f745e16f5742ff69d263fe07cad68a3b27299dce91d28562274cb
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext