General
Target: cdeebfd761066807f514e1f6f398ba7211093ee953c0cfec3151257eda1d7237
Size: 428KB
Sample: 220521-nzqkfshedn
MD5: 9d295d17d1ebfa4f3a3cb1f7c0b11557
SHA1: 407c03a77b21f3b5076d4d6b34f21460d0de677d
SHA256: cdeebfd761066807f514e1f6f398ba7211093ee953c0cfec3151257eda1d7237
SHA512: 80fb7bca0cde42e12063d6ab6ee269dee4b1eb1db126c87c3c9f0f9b7acbf2c6e77698fca05b9b3a1e15bebc4820e29cb9f8d768cc85845c8805383d5c80c2cd
Static task: static1
Behavioral task: behavioral1
Sample: Purchase Order Needed.Pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Purchase Order Needed.Pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: richardaderson2@gmail.com
Password: iefjtgbwxjcwxeww
Targets
Target: Purchase Order Needed.Pdf.exe
Size: 1.0MB
MD5: a67bd793586a4318710f2ea5f708124a
SHA1: b15d5ffc7a92073b248dd8ced531dd74e226a069
SHA256: 314843bc96cbfa3115bc86edd37758ecdaaf6af6ae543a64014e921fda7294fb
SHA512: 66adc8b61a06c2c3a8b84c30829939ca42731b2b0cf03e8776d87a0baec389807525234e95ee83927bb9cb48b58358e18b297711596b8521a1c969faa36e80c1
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext