General
Target: d89923d8fee69637c73b4b9bee5b62dbeb4aca00ad71d2595e8a2937223f8413
Size: 596KB
Sample: 220521-pr879sbbbr
MD5: b3b41a847d3a647a384a3ae1cb8f894d
SHA1: edffef7b3332d62e58e2754781227f80805973d1
SHA256: d89923d8fee69637c73b4b9bee5b62dbeb4aca00ad71d2595e8a2937223f8413
SHA512: 05df9eb6d60b5e3bea8f8c5275909fb246bf1dc5f3dce804b01a152ee99755d02c3b146a344109b82d4257d4f212612feeb3559eae88eae4b9509ee60fbd84d6
Static task: static1
Behavioral task: behavioral1
  Sample: 28273_pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 28273_pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.impressindia.net
Port: 587
Username: [email protected]
Password: Simbi!@#
Targets
Target: 28273_pdf.exe
Size: 518KB
MD5: e771e9ad3b315af96417f8afb43277d1
SHA1: 191e14a19791415e893a48d5877ac1c9374c3895
SHA256: 9b7f18795309cd9c9caafad0151d83817f72f1e1caf506b4173d62a988a5e2ec
SHA512: 2dff31bfe24297fc27b95948baa00f07e3c59973418294c57bd496b1e15248c623347357dc2b0fc61ce3e389d9f0cd1d2a16042c374bc41301503f33c9865282
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext