General
Target: 99cc15df63968ab8b8221a1d0b156a8d0a17f18982165044d357c5af000e90b8
Size: 697KB
Sample: 220521-phlevaaefp
MD5: 3c9f638e8d292eada925e451cb8d3feb
SHA1: abddd210fe635c85b2a7c3ab86448836f7a29267
SHA256: 99cc15df63968ab8b8221a1d0b156a8d0a17f18982165044d357c5af000e90b8
SHA512: 12ac486095f5e4b4314292b9ff53d4338b2c922b80d27a08ecc19dbcf3e866f9510a88746f00b8d8f28e8a3cb58e91bf14307694e4a9c9ab73a6a228e17cddf8
Static task: static1
Behavioral task: behavioral1
  Sample: Order list & Image_pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Order list & Image_pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.cargoford.com
Port: 587
Username: warrantyahd@cargoford.com
Password: cargo@123
Targets
Target: Order list & Image_pdf.exe
Size: 950KB
MD5: 0ffb01f2bb7fc6f6e57ae9713792b98a
SHA1: 63418836487dfa407a9220dfe34d74404929f3aa
SHA256: 41bd82e37f82cfff6f789e28edb49e0c2b94062e2302d287e5c3c00015df066f
SHA512: ccac83d4ba61b106ffa300a7666a7a5ab53f11a69c6c57a1299ec84cb1210fc4287217b0d507f9e62ddbd911d5b5da6c2e31dbea529fe3ebdf95395ec5e6cf89
Signatures:
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext