General
Target: 59da575c89b734e66357a81507047328ba6e7e828f9ce329841c99c53d0d2324
Size: 431KB
Sample: 220521-pqtq7abadp
MD5: 97d24dde6e6c7b88effe116875a41030
SHA1: a4b9080640b1d6d273d110d2b67c1080fd7fd922
SHA256: 59da575c89b734e66357a81507047328ba6e7e828f9ce329841c99c53d0d2324
SHA512: c5ae03ff106a430a53c503bb3bb34bdf7b1b54cb5897fb0b349a6f532b2b2a198f6eb9750a232e77882574b22d628a1d8e945990f0b7263796c7f5ab7b8cc65c
Static task: static1
Behavioral task: behavioral1
  Sample: Payment Copy.PDF (299KB).exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Payment Copy.PDF (299KB).exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.knmbz.com
  Port: 587
  Username: ab@knmbz.com
  Password: kJubHQs8
Targets
Target: Payment Copy.PDF (299KB).exe
Size: 669KB
MD5: 5a20534df9c11a2a6e2803f1941c8fb4
SHA1: 9ffc821c1e840d1e8a021ffec3e6ff2b7092a44e
SHA256: 96a61524af6f3e722e01243b734279f6c19eca0f3986d4450ee3f76d9d31c79a
SHA512: b1cbcc1e8dd74cbce2610e12d4b96c6129508d21dd91f315b1e3f59f201a0a94d72631447acf3f245d4074d77368a057ca5c327bae6b2232cf75f9528d7b9b1d
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext