General
- Target: invoice.pdf.exe
- Size: 791KB
- Sample: 230328-h8dz5abd4z
- MD5: 083c066431159d98ebffd1788bf43ee9
- SHA1: f0d68ddf58e4143bb14ee41263549c768fb0f181
- SHA256: 0447c43cc9d78ef162784c4ae1ce6baa8289f9c159ec6baf735072a93bb51a88
- SHA512: 1afa1aa274921cbb4d039b9a1a35aa38d52b2928e22547a6648a78e5a19aaa2e5220e626df245c9b5a483e3ee6d0afc74bac6a03f8c64214dd11eef4b5d14e4a
- SSDEEP: 12288:Js1KdJVZz5d20qfcNdJaq5dsr1Z7SVJ2cJ0qSTXyl/ezVXUjlmlJkDLdjSV4AD7t:JsKVZ9fA8sRZoH0qSTXylpjlmMsV4AP
Static task
- static1
Behavioral task
- behavioral1
  - Sample: invoice.pdf.exe
  - Resource: win7-20230220-en
Behavioral task
- behavioral2
  - Sample: invoice.pdf.exe
  - Resource: win10v2004-20230221-en
Malware Config
Extracted
- agenttesla
  - Protocol: smtp
  - Host: us2.smtp.mailhostbox.com
  - Port: 587
  - Username: logs@modernplesticgoa.com
  - Password: JUGCRsm9
  - Email To: logs@modernplesticgoa.com
Targets
- Target: invoice.pdf.exe
- Size: 791KB
- MD5: 083c066431159d98ebffd1788bf43ee9
- SHA1: f0d68ddf58e4143bb14ee41263549c768fb0f181
- SHA256: 0447c43cc9d78ef162784c4ae1ce6baa8289f9c159ec6baf735072a93bb51a88
- SHA512: 1afa1aa274921cbb4d039b9a1a35aa38d52b2928e22547a6648a78e5a19aaa2e5220e626df245c9b5a483e3ee6d0afc74bac6a03f8c64214dd11eef4b5d14e4a
- SSDEEP: 12288:Js1KdJVZz5d20qfcNdJaq5dsr1Z7SVJ2cJ0qSTXyl/ezVXUjlmlJkDLdjSV4AD7t:JsKVZ9fA8sRZoH0qSTXylpjlmMsV4AP
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext