General
Target: invoice.pdf.z
Size: 712KB
Sample: 230328-jgzyysbd9t
MD5: a266e6e5da5ffa1e35b5f6e3316376ac
SHA1: 80bcb39315620d4d1c989d07a46bb566246a11f3
SHA256: 872f6e199585552edeed7104508fc56ccc1d4c6a5a2501e7608522dbb9eab798
SHA512: e02914dbed894a909531912dc1e80ab750b1902f3b7e83a1cd1fe33fa8e8606e00925f087bab49356452528dc5eb81ac61949d5d95baf717fe44691e2091745f
SSDEEP: 12288:6Qug8Ha7BvETWnZJNBSrUoPV5iu/JbY/qNQ0FxQOcpSS63dhiQqYPmvsBlFIXy:6Rg8HaZ/ZfBAUMVQAJ0uDQOESt3riTMP
Static task: static1
Behavioral task: behavioral1
  Sample: invoice.pdf.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: invoice.pdf.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: logs@modernplesticgoa.com
Password: JUGCRsm9
Email To: logs@modernplesticgoa.com
Targets
Target: invoice.pdf.exe
Size: 791KB
MD5: 083c066431159d98ebffd1788bf43ee9
SHA1: f0d68ddf58e4143bb14ee41263549c768fb0f181
SHA256: 0447c43cc9d78ef162784c4ae1ce6baa8289f9c159ec6baf735072a93bb51a88
SHA512: 1afa1aa274921cbb4d039b9a1a35aa38d52b2928e22547a6648a78e5a19aaa2e5220e626df245c9b5a483e3ee6d0afc74bac6a03f8c64214dd11eef4b5d14e4a
SSDEEP: 12288:Js1KdJVZz5d20qfcNdJaq5dsr1Z7SVJ2cJ0qSTXyl/ezVXUjlmlJkDLdjSV4AD7t:JsKVZ9fA8sRZoH0qSTXylpjlmMsV4AP
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext