General
Target: 3aacc79d8cd0a0faabf7a4f523422c1afc768555244896be14ef322327cfbfb5
Size: 396KB
Sample: 231205-t9qabsda25
MD5: 58396cc26edfe69bbae48e6a19c4c7eb
SHA1: ea55bf88819c31822fc80536138b08bd73de27f9
SHA256: 3aacc79d8cd0a0faabf7a4f523422c1afc768555244896be14ef322327cfbfb5
SHA512: 386250b7c027ea9d1428c684d262fc4b4737c9f3b8fe615c62d13b74a9de28a47c67c092655a4342a003a5fa86b9a685f718dbfb0da7f84c1000a0a9ac48e5c3
SSDEEP: 12288:/y2EqW7pDXRh4aX4CxmbEyF4TkgyJkqZE/jbFY93nxlFKJ:/y6OpLVXrO4tZjbalFKJ
Static task: static1
Behavioral task: behavioral1
Sample: Amendment POs 05-Dec 2023 pdf.exe
Resource: win7-20231025-en
Behavioral task: behavioral2
Sample: Amendment POs 05-Dec 2023 pdf.exe
Resource: win10v2004-20231127-en
Malware Config
Targets
Target: Amendment POs 05-Dec 2023 pdf.exe
Size: 423KB
MD5: db004427de4f603941d2f40d6a22d105
SHA1: 83879efd1dab6923cc56a979756c0e0cff3d4320
SHA256: 49c8753d20ef77ddfd436992e8c015dd23cc0a5e03429f614470321602df624e
SHA512: d8a11bcb010f5a1476b05b7fe422d51e24fe2cbbbc6098ea4110fd0733cba8a99ccf7ac079fbc9484a550af5a9c183b693ae9e3e90ad10474fff2f82031d064d
SSDEEP: 6144:T8LxB8/leyb8dfEPuc+W5nSPWO2vR72Tl7CjfsLkt1QSdUqZEIWjbFYh7zQcjzRF:x/leyEfEE4yqScUqZE/jbFYfznxlnksb
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext