General
- Target: eed000c07ec0acbc2680e49fe5392a91db3f292dde9ae67f933970f6a34723c4
- Size: 312KB
- Sample: 220521-nylvwahdfr
- MD5: 3ada3871f6ab24e3010ce44c7fe72117
- SHA1: 9cd9ddc73bb254e6209ca1828890ebae79ef5149
- SHA256: eed000c07ec0acbc2680e49fe5392a91db3f292dde9ae67f933970f6a34723c4
- SHA512: 68a03c2110b0b39a2256e4dd4369ef5e8906d5d234e6812a2dcc4d5cc6cf9e957260523fe2cbcedf6848f3173a29b0ea2e987c120d6f99cc5f354ad0d6539dea
Static task: static1
Behavioral task: behavioral1
- Sample: EDG95320200205005000471_126_953.pdf.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: EDG95320200205005000471_126_953.pdf.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.westcong.com
- Port: 587
- Username: sb@westcong.com
- Password: welcome123
Targets
- Target: EDG95320200205005000471_126_953.pdf.exe
- Size: 709KB
- MD5: d1a7f1ccc8798a642d173d4f012d1451
- SHA1: adea4919c4884ff7b7828246f0e8935d556769af
- SHA256: 9bf920c66f4a0d3e6b6ad48158f1d70c40d1f294ed8074dced3000330f63fa0c
- SHA512: a079b58cdbed1e0c6d9cda8ba1cae49a16069487c6e2c0cc9d7ede66e5e1c63664704aacc44d946477e868381fa2a580970f822772c75ef29914284fdef61a23
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext