General
Target: e1cd02a6bac6bcefb1e696dc92d75a2a60fe6d06ab4c5034a6773ea67c85c238
Size: 372KB
Sample: 220521-pej3lsadar
MD5: 05ff2a949a056c1eaf8704c200e56fe1
SHA1: 20a6dbe18734810c714985b5bbb836d193b9f79f
SHA256: e1cd02a6bac6bcefb1e696dc92d75a2a60fe6d06ab4c5034a6773ea67c85c238
SHA512: 34ddb59a7b03783f948efbf096e3b46991e85d0b00e9f32f945dc56e21e9019b78697688ad51aaf1e5aed494939f42d88a852db1ae007f1af0e12cc70dbef941
Static task: static1
Behavioral task: behavioral1
  Sample: Inv#678900SD.pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Inv#678900SD.pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.yandex.com
  Port: 587
  Username: henrylogsss@yandex.com
  Password: @vision123
Targets
Target: Inv#678900SD.pdf.exe
Size: 402KB
MD5: 1d632559ef6b5cc5d7be445698d00179
SHA1: 58b2a3eda775dc90030d08ecd50f190a3ac7f20f
SHA256: e9ac62c1f46fad7c6ab50764449dded69f6347e9e2cfd5a3cf7af750200c9371
SHA512: 9ffc8b1df67d32f62f7ad3e473f6b1cfb4441bede27d89b1f44e20d3844392db67d72742fcb482890a584fd36369c8400e4b89bf3c7fd37f797b223cbf812296
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext