General
Target: 084619152a1fa679b084ece55a1a1cb199f9502e7d33046bc4d214bd2018858c
Size: 580KB
Sample: 220521-pdgk4aacdr
MD5: 5f650c52d2a221e4bdd5c067cb2aa698
SHA1: 040a0e1aec1406755e665d25ea71efcdd0c40e76
SHA256: 084619152a1fa679b084ece55a1a1cb199f9502e7d33046bc4d214bd2018858c
SHA512: 3fbd0bbe19d215a04042972aa072fb993c6571b50be5afdf0c39e533e9cca21a2e32e310a8a142005f412e81df8d789267fc3018e30194833e2c804f9a35c219
Static task: static1
Behavioral task: behavioral1
Sample: COTIZACIÓN_PDF_________________________________________.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: COTIZACIÓN_PDF_________________________________________.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.erneralduae.com
Port: 587
Username: jerryforward@erneralduae.com
Password: nEV!EZo2
Targets
Target: COTIZACIÓN_PDF_________________________________________.exe
Size: 739KB
MD5: 145e8aea36c9f86f59925db2ae4a83aa
SHA1: 55870f35ad72a0efeae1033e9dbe1f15e410b156
SHA256: 383aa57d77f1740e89407ecb7598d62776d05dd61b9d0c7a13e6b5db9294daea
SHA512: e89d54f8e31893cade5ede23a63c0ab545b95d1f3880827bf6b4a21bab720ac5fb237d57d81aa9cd83ba80bf52c7f579e14eb0b359f9969109f59b210a70e8a8
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext