General
-
Target
RFQMI0016047.pdf.pdf.exe
-
Size
726KB
-
Sample
231205-wapkvsdd8w
-
MD5
c2cf87df8ae0643cc3fabb68833ee93a
-
SHA1
b086db553cbe24f70a6c8e79ace0323d6bc93553
-
SHA256
e9f611aaae38af4a81b3dda7c5997a4c8e852b6b87f4462b70bf5b5fa016e584
-
SHA512
96f8ff4226e3637fe254a3892397109ee2db3e3e17bf4b48eeaf596823d8adc2a62d8a66e4d69132212d6168c0975fa890fd0d0eaef39fda891d2e88d4ec20be
-
SSDEEP
12288:hgKE6jD/62iNG5nF81Gh2OojBxMHRaw3HaboW9IQM76K3y0Q9:hgKtD/61I4Gh2nrMHRaw3HabzINGwy0e
Static task
static1
Behavioral task
behavioral1
Sample
RFQMI0016047.pdf.pdf.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
RFQMI0016047.pdf.pdf.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
JUGCRsm9 - Email To:
[email protected]
Targets
-
-
Target
RFQMI0016047.pdf.pdf.exe
-
Size
726KB
-
MD5
c2cf87df8ae0643cc3fabb68833ee93a
-
SHA1
b086db553cbe24f70a6c8e79ace0323d6bc93553
-
SHA256
e9f611aaae38af4a81b3dda7c5997a4c8e852b6b87f4462b70bf5b5fa016e584
-
SHA512
96f8ff4226e3637fe254a3892397109ee2db3e3e17bf4b48eeaf596823d8adc2a62d8a66e4d69132212d6168c0975fa890fd0d0eaef39fda891d2e88d4ec20be
-
SSDEEP
12288:hgKE6jD/62iNG5nF81Gh2OojBxMHRaw3HaboW9IQM76K3y0Q9:hgKtD/61I4Gh2nrMHRaw3HabzINGwy0e
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-