General
- Target: NEW P O.exe
- Size: 482KB
- Sample: 201109-f9xnwgawy6
- MD5: d8492d52da3b7fc82bc19b8aca351c63
- SHA1: a368f5ea2903bae4dc521189a09c490a215d7577
- SHA256: e8ea9e32e32ba57db997117b275a571e3d69793663a9e81b4f2df7616b1389b4
- SHA512: 79e1ecee0202411b1ce9d3cc15d9eb175206471b194f5ab941ab6c391d19accc1656b03b6aa1e920b20dba2b1fe01f7ff0f91cb63d93a2a0e58d1e98a799f013
Static task: static1
Behavioral task: behavioral1
- Sample: NEW P O.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: NEW P O.exe
- Resource: win10v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.pptoursperu.com
- Port: 587
- Username: info@pptoursperu.com
- Password: mailppt2019
Targets
- Target: NEW P O.exe (size and hashes as listed under General)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext