General
Target: CMR-7146846_PDF.pif
Size: 310KB
Sample: 210928-nevcxabhcp
MD5: 71028a6ec414b1642243aa4981a3365f
SHA1: 630b016a94f7bee220565d3b9a55a2ae8ef73c5a
SHA256: 167d1af8c8c4a185c34d0e65bab348748fb524f3e95c6136324f1e2d7e310918
SHA512: 4c403091f4839867d7465e437f30eb3648a114ebf1e16cadbcd4a232f2c9b75fac1ef4d9b7081314eeabb33eb9579ce39373385f122c3104e7a7815c007b790a
Static task: static1
Behavioral task: behavioral1
  Sample: CMR-7146846_PDF.pif.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: CMR-7146846_PDF.pif.exe
  Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.globalmedical.nl
Port: 587
Username: vic@globalmedical.nl
Password: W3oxtsMvzRhJV&eBZoFabwZV
Targets
Target: CMR-7146846_PDF.pif
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Loads dropped DLL
- Suspicious use of SetThreadContext