General
Target: dokkkkk.exe
Size: 509KB
Sample: 200707-1wm5ec88t6
MD5: 113239f43eb0005b30cf539444770cb5
SHA1: 7221c65fd081f585618902c030cc7b92fa32174f
SHA256: 812d33de017fe1d0ebfa94216d475e13746496c502287675604ae468f1a71720
SHA512: 157c985f9bcd268de5f0a013a7376746e2014fca6cdeb91ef0839912f0cd52f59bd17e99a6d84349a2d9676893507086258cdde23ad9bd67be4e8c4377c4af81
Static task: static1
Behavioral task: behavioral1 (sample dokkkkk.exe, resource win7)
Behavioral task: behavioral2 (sample dokkkkk.exe, resource win10v200430)
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: mail.saamaygroup.com
Port: 587 (SMTP submission port; the stealer sends collected data as mail through this account rather than to a dedicated C2 server)
Username: [email protected] (the address was not recovered in this copy of the report)
Password: pawan100
Targets
Target: dokkkkk.exe (hashes as listed under General)
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer (the family is commonly described as written in Visual Basic .NET); this sample exfiltrates over SMTP using the account in the extracted config.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application (persistence through a ...\Software\Microsoft\Windows\CurrentVersion\Run value pointing at the dropped executable)
- Suspicious use of SetThreadContext (typical of process hollowing / RunPE-style injection, where the payload is written into a suspended process and its entry point redirected before the thread is resumed)
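The extracted config and the triggered signatures above give a SOC analyst three things to hunt for: the SMTP exfil host, non-mail processes talking to SMTP submission ports, and Run-key persistence. The following is an added example, not part of the sandbox report or of any Triage tooling: it turns those indicators into a small detection pass over Sysmon-style Event ID 3 (network connection) and Event ID 13 (registry value set) records. The event records, the mail-client allowlist and the process paths are constructed here for illustration; the hashes, host and port are the ones the report lists.

```python
"""Added example (not from the sandbox report): detection pass built from the
report's AgentTesla indicators over constructed Sysmon-style events."""
import hashlib
import re

# Indicators taken directly from the report.
SAMPLE_SHA256 = "812d33de017fe1d0ebfa94216d475e13746496c502287675604ae468f1a71720"
EXFIL_HOST = "mail.saamaygroup.com"
EXFIL_PORT = 587

# SMTP relay/submission ports; this sample uses 587 (from the extracted config).
SMTP_PORTS = {25, 465, 587}
# Hypothetical allowlist (assumption): processes that legitimately speak SMTP
# from an endpoint. Tune to the environment.
MAIL_CLIENT_ALLOWLIST = {"outlook.exe", "thunderbird.exe"}
# Matches HKCU/HKLM ...\Microsoft\Windows\CurrentVersion\Run and RunOnce values.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE
)


def _basename(image_path):
    """Lower-cased file name of a Windows image path."""
    return image_path.rsplit("\\", 1)[-1].lower()


def check_network(event):
    """Alerts for a Sysmon EID 3 style record (network connection)."""
    alerts = []
    image = _basename(event["Image"])
    if event.get("DestinationHostname", "").lower() == EXFIL_HOST:
        alerts.append(f"known AgentTesla exfil host {EXFIL_HOST} from {image}")
    port = event["DestinationPort"]
    if port in SMTP_PORTS and image not in MAIL_CLIENT_ALLOWLIST:
        alerts.append(f"non-mail-client {image} -> SMTP port {port}")
    return alerts


def check_registry(event):
    """Alerts for a Sysmon EID 13 style record (registry value set)."""
    if RUN_KEY_RE.search(event["TargetObject"]):
        image = _basename(event["Image"])
        return [f"Run-key persistence written by {image}: "
                f"{event['TargetObject']} = {event['Details']}"]
    return []


def scan(events):
    """Run both checks over a list of event dicts; returns all alert strings."""
    out = []
    for ev in events:
        if ev["EventID"] == 3:
            out.extend(check_network(ev))
        elif ev["EventID"] == 13:
            out.extend(check_registry(ev))
    return out


def matches_sample(data):
    """True if `data` is the exact sample from the report (SHA256 match)."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


# Constructed sample events (not taken from the sandbox run).
SAMPLE_EVENTS = [
    {"EventID": 3, "Image": r"C:\Users\bob\AppData\Roaming\dokkkkk.exe",
     "DestinationHostname": "mail.saamaygroup.com",
     "DestinationIp": "203.0.113.10", "DestinationPort": 587},
    {"EventID": 3, "Image": r"C:\Program Files\Office\OUTLOOK.EXE",
     "DestinationHostname": "smtp.example.com",
     "DestinationIp": "203.0.113.20", "DestinationPort": 587},
    {"EventID": 13, "Image": r"C:\Users\bob\AppData\Roaming\dokkkkk.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dokkkkk",
     "Details": r"C:\Users\bob\AppData\Roaming\dokkkkk.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for line in scan(SAMPLE_EVENTS):
        print(line)
```

The host match is the high-confidence signal but is only useful until the operator rotates the mailbox; the port-based rule and the Run-key rule are what keep catching Agent Tesla variants whose config differs, at the cost of needing an allowlist that reflects the site's real mail clients.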