General
Target: 9e13264de403e804d6214a0dedc6c01d8e8fc9de6f9c4fc1d18e08fb4656a4a6
Size: 363KB
Sample: 220521-pva5msgac9
MD5: d59773dda7f71413a64369c8ee0c36a7
SHA1: 90cb5d04fb44571c0fae6cbb690dbed3344b9cb6
SHA256: 9e13264de403e804d6214a0dedc6c01d8e8fc9de6f9c4fc1d18e08fb4656a4a6
SHA512: 004d28d88f1b18135a6c0e30c5ba0d5f29846b29085c3b6b56727d3766110833eca68c6392598d3afe18cb05224ad480a1e0553e307d86b88e095ba7358bb4a7
Static task: static1
Behavioral task: behavioral1
Sample: Original Shipping documents .pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Original Shipping documents .pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: infokingking88@yandex.ru
Password: kingmoney12345
Targets
Target: Original Shipping documents .pdf.exe
Size: 497KB
MD5: b4c970d02853627e0895a727572788c7
SHA1: 78c71acc984005bb0f7db63180dd3b3fa9673abb
SHA256: 7d55b0a9f323550b53b9bed20b938959163a3ab02b995a6d84d5e4b0145febb7
SHA512: 3f71519f1c105b49c538dd7b37e22207765c233809999eed8f786d834b023d85974d4fd4ba370e19f5843eefc454c5a88149985dacf9fee878315a41d3c7cc35
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext