General
Target
Purchase Order.PDF.exe
Size
429KB
Sample
200630-k4495t83z2
MD5
3b3a53ff56ada6008ba6d5edb4a3c76b
SHA1
20a5ed65f39b0570b40b11ad0ea7d4bc0f267eaa
SHA256
05996c601bef47933f65141b1dbc039784dc710307c2e7964feea58f6923748c
SHA512
f356c80135be7ac534e81e7bab6e2380c47f7598bd0306fd96f46c4a63bcc653d1a51290e5d6f63b66ce0b6c06bf0dcc7d6a13c4928b3d37c4738b90b636e426
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order.PDF.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
Purchase Order.PDF.exe
Resource
win10
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.bapipl.com
Port: 587
Username: skc@bapipl.com
Password: Bharat123
Targets
Target
Purchase Order.PDF.exe
Score
10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext