General
- Target: MT103 USD36k_pdf.exe
- Size: 300KB
- Sample: 221128-kl1xgsae35
- MD5: 67060e229fd001baaf2ff8e36f435f0f
- SHA1: e8fa3767b8cc7df3c58e04ffb77ba49ca0d65210
- SHA256: 3715a1b3671a7526ba34a708a617c353c27380d255b6a74493978ded978e01b0
- SHA512: 38ea3c2ed47ae45062b6239c1812616479fefe957f93b60281431d5aff6272fa7948b0bc77149ae2195ccf2abb2171e99731d68e06bf990ebbb9aa18a49c5086
- SSDEEP: 6144:BBnvBRhD9wLIp/s6usl9aAh3RhB0QbsIABuwVeWK:35aes6ft3Rhp7ABuwVe7
Static task
- static1
Behavioral task
- behavioral1
  - Sample: MT103 USD36k_pdf.exe
  - Resource: win7-20221111-en
Behavioral task
- behavioral2
  - Sample: MT103 USD36k_pdf.exe
  - Resource: win10v2004-20220812-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.abmds.net
- Port: 587
- Username: [email protected]
- Password: KPM%a_UfaCbn
- Email To: [email protected]
Targets
- MT103 USD36k_pdf.exe (300KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext