General

Target: 520ebc15e7c85272d5d818794258d08823ca07cce7df0df9b202a35660264e38
Size: 621KB
Sample: 231212-p82vhsdcdm
MD5: 3f8ff61902aa9e059b4559a9a3152a02
SHA1: 4ffcb4d369446adeb817a1f507ecae29c27f705f
SHA256: 520ebc15e7c85272d5d818794258d08823ca07cce7df0df9b202a35660264e38
SHA512: 7bd6fa7155f8f0d05deaf63269980ea4967bfc499137e729d3436fecff572d95bd0487d1ea7ad283e5fac2ec958aac77ccf27ef339456f4f28727a1aeadeb1d1
SSDEEP: 12288:/7De9M/K7Kg1uvF0kOmp9Q97abafw3VYSWawZc+N5jdn87mXDaQ:mCcKg1uv2k/a9wwwKSWagrH
Tasks

Static task: static1
Behavioral task: behavioral1
Sample: Purchase Enquiry-Y97STVZCPZC12AQ-03315904351-pdf.exe
Resource: win7-20231020-en

Malware Config

Extracted family: agenttesla
C2 (exfiltration endpoint): https://discord.com/api/webhooks/1181759713713602600/iHsQ6OYa_KMNpOIA7OYiDu7j9BWVVvJ0gcEWr8VRve7tDH1TR5LRILIK1jr1NG5T-29a
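The extracted config is a Discord webhook, which is the stealer's exfiltration channel rather than a server the attacker owns. Two things an analyst wants from it: the webhook ID, which is a Discord snowflake whose top 42 bits encode the creation time in milliseconds since 2015-01-01T00:00:00Z, and a shareable IOC form that drops the secret token. The script below is an added example, not part of this report or of any sandbox's code; it embeds the webhook URL listed above as its sample input, and it reads the report's sample ID prefix "231212" as a YYMMDD submission date (an assumption) to sanity-check that the webhook was created before the sample was submitted.

```python
import re
from datetime import datetime, timedelta, timezone
from typing import Optional

# Discord snowflakes count milliseconds from 2015-01-01T00:00:00Z in their upper 42 bits.
DISCORD_EPOCH = datetime(2015, 1, 1, tzinfo=timezone.utc)

# Sample input: the webhook URL recovered from this sample's AgentTesla config (copied from the report).
EXTRACTED_CONFIG = (
    "https://discord.com/api/webhooks/1181759713713602600/"
    "iHsQ6OYa_KMNpOIA7OYiDu7j9BWVVvJ0gcEWr8VRve7tDH1TR5LRILIK1jr1NG5T-29a"
)
SAMPLE_ID = "231212-p82vhsdcdm"  # from the report; the YYMMDD prefix is read as the submission date (assumption)

# Webhook URL shapes Discord accepts: discord.com / discordapp.com, optionally on the ptb or canary hosts.
WEBHOOK_RE = re.compile(
    r"https?://(?:(?:ptb|canary)\.)?discord(?:app)?\.com/api/webhooks/"
    r"(?P<id>\d{17,20})/(?P<token>[A-Za-z0-9_-]{30,})"
)


def snowflake_time(snowflake: int) -> datetime:
    """Creation time encoded in any Discord snowflake (webhook, channel, message or user ID)."""
    return DISCORD_EPOCH + timedelta(milliseconds=snowflake >> 22)


def sample_submission_date(sample_id: str) -> datetime:
    """Read the YYMMDD prefix of a Triage-style sample ID (assumed format) as a UTC date."""
    return datetime.strptime(sample_id[:6], "%y%m%d").replace(tzinfo=timezone.utc)


def redact(url: str) -> str:
    """Keep the webhook ID (safe to share as an IOC) and drop the token, which is the only secret."""
    m = WEBHOOK_RE.search(url)
    if not m:
        return url
    return url[: m.start("token")] + "<token-redacted>" + url[m.end("token"):]


def extract_webhooks(blob: str, submitted: Optional[datetime] = None) -> list:
    """Find Discord webhooks in a config dump or strings output and enrich each with its creation time."""
    results = []
    for m in WEBHOOK_RE.finditer(blob):
        wid = int(m.group("id"))
        created = snowflake_time(wid)
        entry = {"id": wid, "created_utc": created, "ioc": redact(m.group(0))}
        if submitted is not None:
            # A webhook "created" after the sample was submitted cannot be a real snowflake:
            # treat it as a mangled extraction or a decoy rather than trusting the timestamp.
            entry["created_before_submission"] = created <= submitted
        results.append(entry)
    return results


if __name__ == "__main__":
    for hook in extract_webhooks(EXTRACTED_CONFIG, sample_submission_date(SAMPLE_ID)):
        print(hook["ioc"])
        print("  webhook id    :", hook["id"])
        print("  created (UTC) :", hook["created_utc"].strftime("%Y-%m-%d %H:%M:%S"))
        print("  plausible     :", hook["created_before_submission"])
```

For this sample the webhook was created on 2023-12-06, six days before the 2023-12-12 submission, which fits a short-lived exfil endpoint set up for one campaign. The ID is what you pivot on and report for takedown; the token should never be pasted into shared IOC lists, since anyone holding it can post to (or delete) the webhook.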
Targets

Target: Purchase Enquiry-Y97STVZCPZC12AQ-03315904351-pdf.exe
Size: 668KB
MD5: 9119bc707a33a35acdaf7b200c333114
SHA1: 6e61a99702917a3a0a81ba7533955c08e2b62904
SHA256: df7306e9804b036951292e2a2475f14ac6a14294ddd7d17df9f0442e4a8e28c7
SHA512: 034c30c5ea354c6d1b8cc37efca124af157345e7f6d2f48a01d7aa54e9e27d113b2b8b248fa139fc28694c9ae348ba1f053dda5b125f19fc314e6accd532aed8
SSDEEP: 12288:13Vz+4WpAEry7469rISXDopXuGPU5XULMpVN8+iLdYhGgQV+2hp8LU2Wwg+:4pAE3697XDQvGULMp3kLdYhvQVTpq
Signatures

AgentTesla: Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET.

Detect ZGRat V1

Legitimate hosting services abused for malware hosting/C2: here the extracted config points at a Discord webhook, so stolen data is posted to discord.com rather than to attacker-controlled infrastructure, which blends into normal outbound traffic.

Suspicious use of SetThreadContext: SetThreadContext rewrites a thread's register state; outside a debugger it is characteristic of process hollowing / RunPE-style injection, where a payload is written into a suspended process and the thread is redirected to it before ResumeThread.