General
Target: Quote JQ2341024749.pdf.exe
Size: 794KB
Sample: 230328-pvmhnscf7y
MD5: 3a71f65f7c59f652565a2b2e0000b997
SHA1: a39c10b001142ba93666742ea8801ac0a5db8501
SHA256: d9c078eee29bbf1fa6676ddad6c290a903d4485a56c8a31c50e4c639680a1a00
SHA512: d612cb3441568d7a859ae0d1cd46d6e226b4a74b40a06ac636132cd2356ebf6661948d2de9813e2eb29b23affa5f6db7c4f0f2255733cc3515ae638c4201c8ea
SSDEEP: 12288:aA5eB0ODqXH6TC57yItUMEyMqleZbLjU8rnoK8wC2iDvv7i4XJhZ:aA5GRqXHV7VlEPqM1jUKx8wE7vLD
Static task: static1
Behavioral task: behavioral1
Sample: Quote JQ2341024749.pdf.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: Quote JQ2341024749.pdf.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: logs@modernplesticgoa.com
Password: JUGCRsm9
Email To: logs@modernplesticgoa.com
Targets
Target: Quote JQ2341024749.pdf.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-