General

- Target: Purchase Order.PDF.exe
- Size: 416KB
- Sample: 200630-dja1ncpdrs
- MD5: 64d28b8dbfcee3ecfe724b7b0eb930a0
- SHA1: 6d522d6372b7ed6bad0535f809345b5f207d1db1
- SHA256: 9bf34a347324254e98e309990bcc487c6bb53f4cb3a44b401290d1cea114b1cc
- SHA512: d484dade1af20b36bbd7b7dbb94b41454c79ffc8bcbf76e3bf6ff4c100926ce2fbd37935f4a1265a0ba85bd61ba8bfcbe7fa61a06ac86e0a41fd65b9505c5b14
Tasks

- Static task: static1
- Behavioral task: behavioral1 (sample: Purchase Order.PDF.exe, resource: win7)
- Behavioral task: behavioral2 (sample: Purchase Order.PDF.exe, resource: win10)
Malware Config

Extracted: agenttesla

- Protocol: smtp
- Host: smtp.bapipl.com
- Port: 587
- Username: skc@bapipl.com
- Password: Bharat123

In SMTP mode AgentTesla mails harvested credentials, keystrokes and screenshots to this account over outbound port 587 (message submission), so the host, the account and the password are the exfiltration IOCs to block and to report to the mailbox owner.
Targets

- Target: Purchase Order.PDF.exe
- Size: 416KB
- MD5: 64d28b8dbfcee3ecfe724b7b0eb930a0
- SHA1: 6d522d6372b7ed6bad0535f809345b5f207d1db1
- SHA256: 9bf34a347324254e98e309990bcc487c6bb53f4cb3a44b401290d1cea114b1cc
- SHA512: d484dade1af20b36bbd7b7dbb94b41454c79ffc8bcbf76e3bf6ff4c100926ce2fbd37935f4a1265a0ba85bd61ba8bfcbe7fa61a06ac86e0a41fd65b9505c5b14
Score: 10/10

Signatures

- AgentTesla: Agent Tesla is an information-stealing remote access tool (RAT) written in .NET (VB.NET or C#); it harvests browser, mail and FTP client credentials and keystrokes and exfiltrates them over SMTP, FTP or HTTP.
- AgentTesla Payload: the AgentTesla payload was identified in memory during execution.
- Suspicious use of SetThreadContext: ordinary applications rarely call SetThreadContext on another process's thread. It is the step in process hollowing that points the main thread of a process created in the suspended state at code written into it, which is how loaders typically launch an unpacked payload in a fresh process.
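The two actionable findings on this page are the extracted SMTP exfiltration config and the SetThreadContext signature. The script below is an added example, not part of the sandbox report: it runs a small detector over a constructed trace in a hypothetical "pid|kind|call key=value ..." format (the format, the process IDs and the event lines are assumptions), flagging the ordered process-hollowing API sequence and any connection to the extracted exfiltration host and port, and ignoring a same-process SetThreadContext call and a legitimate port 587 connection.

```python
import re
from typing import Dict, List, Optional, Tuple

# IOCs copied from this report's extracted AgentTesla config.
EXFIL_HOST = "smtp.bapipl.com"
EXFIL_PORT = 587

# The ordered API sequence behind the "Suspicious use of SetThreadContext" signature:
# spawn a suspended process, overwrite its memory, redirect its main thread, resume it.
HOLLOWING_STEPS = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")

# Constructed sandbox-style trace (assumed format: "pid|kind|call key=value ...").
SAMPLE_EVENTS = [
    "1234|api|CreateProcess child=2222 flags=CREATE_SUSPENDED",
    "1234|api|WriteProcessMemory pid=2222 size=425984",
    "1234|api|SetThreadContext pid=2222",
    "1234|api|ResumeThread pid=2222",
    "2222|net|connect host=smtp.bapipl.com port=587",
    "3333|api|SetThreadContext pid=3333",                 # own thread, no prior steps: no alert
    "4444|net|connect host=smtp.office365.com port=587",  # legitimate submission: no alert
]

_LINE = re.compile(r"^(\d+)\|(api|net)\|(\S+)\s*(.*)$")

Event = Tuple[int, str, str, Dict[str, str]]
Finding = Tuple[str, int, object]


def parse_event(line: str) -> Optional[Event]:
    """Split one trace line into (pid, kind, call, {arg: value}); None if malformed."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    pid, kind, call, rest = m.groups()
    return int(pid), kind, call, dict(re.findall(r"(\w+)=(\S+)", rest))


def analyze(lines: List[str]) -> List[Finding]:
    """Return findings: ('process_hollowing', caller, target) and
    ('agenttesla_smtp_exfil', pid, 'host:port')."""
    findings: List[Finding] = []
    # (caller pid, target pid) -> index of the next hollowing step we expect to see
    progress: Dict[Tuple[int, int], int] = {}

    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        pid, kind, call, args = ev

        if kind == "net":
            if args.get("host") == EXFIL_HOST and int(args.get("port", "0")) == EXFIL_PORT:
                findings.append(("agenttesla_smtp_exfil", pid, f"{EXFIL_HOST}:{EXFIL_PORT}"))
            continue

        if call not in HOLLOWING_STEPS:
            continue
        if call == "CreateProcess":
            # Only a suspended child can be hollowed before it runs.
            if "CREATE_SUSPENDED" not in args.get("flags", "") or "child" not in args:
                continue
            target = int(args["child"])
        else:
            target = int(args.get("pid", pid))

        key = (pid, target)
        expected = progress.get(key, 0)
        if HOLLOWING_STEPS[expected] == call:   # strict in-order matching per caller/target pair
            expected += 1
            if expected == len(HOLLOWING_STEPS):
                findings.append(("process_hollowing", pid, target))
                expected = 0
            progress[key] = expected
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding)
```

Matching is strict and per caller/target pair, so a SetThreadContext on the caller's own thread (a debugger or an exception handler) never completes the sequence, and a CreateProcess without CREATE_SUSPENDED does not start one. In a real pipeline the network rule would be driven by the full list of extracted configs rather than a single host constant.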