General
Target: cc879151b41ce6cca54ebb24cb34f11a06e4f24a187f8b69cc612e68e22d081b
Size: 390KB
Sample: 220521-nqv4kseac8
MD5: 692b47eb2bd9abb628c89a88e9ee19a4
SHA1: 43f8aab1eaa3105afb7d858c3173ecc13cc10d98
SHA256: cc879151b41ce6cca54ebb24cb34f11a06e4f24a187f8b69cc612e68e22d081b
SHA512: 1d6a339da2e5991bc0bb1625ee149238e8e697393ae5552e426759e0223ef1c0830cf33f8029bd75004deaa6735cd38896105639dfd98c53a5abd8273c12513d
Static task: static1
Behavioral task: behavioral1
  Sample: Invoices.pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Invoices.pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: henrylogsss@yandex.com
Password: @vision123
Targets
Target: Invoices.pdf.exe
Size: 477KB
MD5: 503c9f40d7fa05c4cb20633a6fb4e603
SHA1: 90cee96a631330b0a796840693ab93cda15c3575
SHA256: 7348aa6bc1128a83b361be3add1588adb8c41cb7e83fb3bf8625d63521da91c8
SHA512: c5ef236679d67c77629ac9a0cb775a5e02080391156f69f6c4e48e9616d6a39afeb59e353702a08c39a114e17049cd200d66655756503dc597a29fbedfa1e880
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext