General
-
Target
PO3452302659 pdf.exe
-
Size
1.5MB
-
Sample
240122-xwg9cacden
-
MD5
fae4e4923fdb5a9079e873477bf92911
-
SHA1
99dea9162447750cdd502fc0eb16f2ca7c54ea33
-
SHA256
fa248ec2c76556f7e9c71cc5979bea9f3cce8f565a44398b0e7fae3005f0b13a
-
SHA512
126f372bc4431ad7a899f85c2f1f6d095966ed1eba8fc4cf3e6166514eb03a538bc6c29eae675330c811f6b62f2cb3cc17af1d6fbc8085ff84a6e7743efd8836
-
SSDEEP
24576:iWaS+JEfphxW553sSntC6s+6qbU0saooQaPSMdLAWqY8fWFEIJ3VUPvymws5IgZs:eS+axysYC6syUkoPaPS2AJNyxUP+Mk
Static task
static1
Behavioral task
behavioral1
Sample
PO3452302659 pdf.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
PO3452302659 pdf.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.ionos.fr - Port:
587 - Username:
[email protected] - Password:
qualite77 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
smtp.ionos.fr - Port:
587 - Username:
[email protected] - Password:
qualite77
Targets
-
-
Target
PO3452302659 pdf.exe
-
Size
1.5MB
-
MD5
fae4e4923fdb5a9079e873477bf92911
-
SHA1
99dea9162447750cdd502fc0eb16f2ca7c54ea33
-
SHA256
fa248ec2c76556f7e9c71cc5979bea9f3cce8f565a44398b0e7fae3005f0b13a
-
SHA512
126f372bc4431ad7a899f85c2f1f6d095966ed1eba8fc4cf3e6166514eb03a538bc6c29eae675330c811f6b62f2cb3cc17af1d6fbc8085ff84a6e7743efd8836
-
SSDEEP
24576:iWaS+JEfphxW553sSntC6s+6qbU0saooQaPSMdLAWqY8fWFEIJ3VUPvymws5IgZs:eS+axysYC6syUkoPaPS2AJNyxUP+Mk
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-