General
Target: Cotización-202002722.pdf.exe
Size: 454KB
Sample: 230328-vjdpaacb24
MD5: 617c28ec9403e42fbbce2915d7b9ca98
SHA1: 12676d2161a1a8640a555bbce0fd7dcbb1ceb903
SHA256: 333b4a89730feb420bc1a76bed5c75943e663abd60eaf91c1bafd8417ccab76d
SHA512: bbc67585f09c19cabaae345ee57c5bdca551ee1349c24b0404a9cc570bb467ee2e807a4eca4bcf150d424b7b40407c241a8e7679d18b7e05ac63a3e9ddee4994
SSDEEP: 12288:y/6fGJ3rRkmrrLG9oouz/rJdNOY/WrdqgYic81v:FCbRzLG+ourldNOYkdPo81v
Static task: static1

Behavioral task: behavioral1
Sample: Cotización-202002722.pdf.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: Cotización-202002722.pdf.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.itzayanaland.com
Port: 587
Username: security01@itzayanaland.com
Password: H!S6_PFHTAN{
Email To: security01@itzayanaland.com
Targets
Target: Cotización-202002722.pdf.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext