General

Target: Direct_advice.exe
Size: 608KB
Sample: 201109-k52v93apxa
MD5: bf98feb3502d7f0914c6a1068a1bc9b1
SHA1: 230ec06385b9c16f4accd3755cd72aa1c79be4a7
SHA256: bd798dda71e760acc62a228c3c770034e1a5d0f65db0e0805a6157bcd8c9c454
SHA512: 04705964647d02c9b9ae2fa7b940ea493b6b0fd58f297b9d6bd9bc266cb7fd7ae94f9add7d5d85fe432f8ccb9efbbde8b7145a3b5931d08c5667c8d3765446c4

Static task: static1
Behavioral task: behavioral1
Sample: Direct_advice.exe
Resource: win7v20201028

Malware Config

Extracted family: agenttesla
Protocol: smtp
Host: smtp.israelagroconsultant.com
Port: 587
Username: info@israelagroconsultant.com
Password: israelagro@123
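The extracted SMTP settings are the sample's exfiltration channel: in SMTP mode Agent Tesla mails the harvested data using these credentials, so the host, port and mailbox are immediate hunting indicators, and the account is most likely a compromised legitimate mailbox (an inference; the report itself only lists the values). The following is an added example, not code from the sandbox or from the sample. It parses the config block exactly as printed above, derives indicators from it, and runs them over constructed Sysmon Event ID 3-style connection records. The field names, process paths, TEST-NET IP addresses and the mail-client allowlist are assumptions. It goes slightly beyond the report by also flagging submission-port SMTP from processes that are not mail clients, which still catches the exfil when the hostname was not logged or the operator rotates servers.

```python
"""Hunt for the Agent Tesla SMTP exfiltration channel from the extracted config.

Added example for this report, not code from the sandbox, the sample or the
Agent Tesla authors. The connection records below are constructed to resemble
Sysmon Event ID 3 (network connection) fields; field names, process paths and
the mail-client allowlist are assumptions.
"""
import re
from dataclasses import dataclass

# The extracted config exactly as the report prints it (family line omitted).
EXTRACTED_CONFIG = """Protocol: smtp- Host:
smtp.israelagroconsultant.com - Port:
587 - Username:
info@israelagroconsultant.com - Password:
israelagro@123"""

# Processes expected to speak submission SMTP (TCP/587) on a workstation.
# Assumed allowlist; tune to the estate.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def parse_config(text: str) -> dict:
    """Parse the report's 'Key: value - Key: value' layout into a dict.

    Line breaks fall after the colons, so collapse all whitespace first and
    split on the ' - ' separator only where the next token is a 'Key:'.
    """
    flat = " ".join(text.split())
    cfg = {}
    for field in re.split(r"\s*-\s+(?=\w+:)", flat):
        key, _, value = field.partition(":")
        cfg[key.strip().lower()] = value.strip()
    return cfg


def build_iocs(cfg: dict) -> dict:
    """Derive hunting indicators from the parsed config."""
    return {
        "c2_host": cfg["host"].lower(),
        "c2_port": int(cfg["port"]),
        "exfil_mailbox": cfg["username"].lower(),
    }


@dataclass(frozen=True)
class NetConn:
    """Subset of a Sysmon Event ID 3 record (constructed field names)."""
    image: str          # full path of the connecting process
    dest_host: str      # DestinationHostname; empty when not resolved
    dest_ip: str
    dest_port: int
    initiated: bool     # True for outbound connections


def hunt(conns, iocs) -> list:
    """Return (severity, reason, record) for each suspicious connection.

    A connection to the extracted host is a high-confidence hit. Any other
    outbound TCP/587 from a process that is not a mail client is flagged at
    medium severity.
    """
    findings = []
    for c in conns:
        if not c.initiated:
            continue
        proc = c.image.rsplit("\\", 1)[-1].lower()
        if c.dest_host.lower() == iocs["c2_host"]:
            findings.append(("high", "connection to extracted SMTP host", c))
        elif c.dest_port == iocs["c2_port"] and proc not in MAIL_CLIENTS:
            findings.append(("medium", "submission SMTP from non-mail process", c))
    return findings


# Constructed telemetry: two hits, one legitimate mail client, one unrelated
# HTTPS connection and one inbound connection that must be ignored.
SAMPLE_CONNS = [
    NetConn(r"C:\Users\victim\AppData\Roaming\Direct_advice.exe",
            "smtp.israelagroconsultant.com", "203.0.113.10", 587, True),
    NetConn(r"C:\Users\victim\AppData\Roaming\Direct_advice.exe",
            "", "203.0.113.10", 587, True),
    NetConn(r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
            "smtp.office365.com", "203.0.113.20", 587, True),
    NetConn(r"C:\Program Files\Mozilla Firefox\firefox.exe",
            "www.example.com", "203.0.113.30", 443, True),
    NetConn(r"C:\Windows\System32\svchost.exe", "", "203.0.113.40", 587, False),
]

if __name__ == "__main__":
    iocs = build_iocs(parse_config(EXTRACTED_CONFIG))
    for severity, reason, rec in hunt(SAMPLE_CONNS, iocs):
        print(f"[{severity}] {reason}: {rec.image} -> {rec.dest_ip}:{rec.dest_port}")
```

Beyond the endpoint hunt, the two actions worth taking from this config are blocking smtp.israelagroconsultant.com at egress and reporting the abused mailbox to its owner or provider; do not log in to it yourself.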

Targets

Target: Direct_advice.exe
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (keylogger and credential harvester); early builds were written in Visual Basic .NET.

AgentTesla Payload
Disables Task Manager via registry modification
Drops file in Drivers directory
Suspicious use of SetThreadContext
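The three behavioural signatures above map directly onto host telemetry a responder can query after the fact. As an added example, not the sandbox's own signature code and not derived from the sample, the block below re-implements them over constructed records shaped like Sysmon Event ID 13 (registry value set) and Event ID 11 (file create) plus a sandbox-style API-call trace. The field names, SID, file names and process IDs are constructed; the DisableTaskMgr policy value under Policies\System is the standard Windows setting that hides Task Manager. For SetThreadContext, the check looks for the classic hollowing (RunPE) sequence, create suspended, WriteProcessMemory, SetThreadContext, which is the usage such a signature is designed to catch; that the report's sample followed exactly this sequence is an assumption.

```python
"""Re-implement the report's three behavioural signatures as telemetry checks.

Added example for this report; not the sandbox's signature code and not
derived from the sample. Records are constructed to resemble Sysmon Event
ID 13 (registry value set), Event ID 11 (file create) and a sandbox-style
API-call trace; field names, SID, file names, pids and the hollowing call
sequence are assumptions.
"""
import re

# ...\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
DISABLE_TASKMGR_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableTaskMgr$",
    re.IGNORECASE,
)
DRIVERS_DIR_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\drivers\\", re.IGNORECASE)
CREATE_SUSPENDED = 0x00000004   # CreateProcess dwCreationFlags bit


def dword_value(details: str) -> int:
    """Sysmon renders registry DWORDs as 'DWORD (0x00000001)'."""
    m = re.search(r"0x([0-9a-fA-F]+)", details)
    return int(m.group(1), 16) if m else 0


def disables_task_manager(events):
    """Registry writes that set DisableTaskMgr to a non-zero value."""
    return [e for e in events
            if e["kind"] == "registry_set"
            and DISABLE_TASKMGR_RE.search(e["target"])
            and dword_value(e["details"]) != 0]


def drops_file_in_drivers_dir(events):
    """File creations anywhere under System32\\drivers."""
    return [e for e in events
            if e["kind"] == "file_create" and DRIVERS_DIR_RE.match(e["target"])]


def suspicious_set_thread_context(calls):
    """SetThreadContext aimed at a process the caller created suspended and
    then wrote into (the hollowing / RunPE sequence). A process calling
    SetThreadContext on its own threads is not flagged."""
    suspended = set()   # child pids created with CREATE_SUSPENDED
    written = set()     # of those, the ones that received WriteProcessMemory
    hits = []
    for c in calls:
        api, args = c["api"], c["args"]
        if api == "CreateProcessW" and args.get("flags", 0) & CREATE_SUSPENDED:
            suspended.add(args["child_pid"])
        elif api == "WriteProcessMemory" and args.get("target_pid") in suspended:
            written.add(args["target_pid"])
        elif api == "SetThreadContext" and args.get("target_pid") in written:
            hits.append(c)
    return hits


def evaluate(events, calls) -> dict:
    """Map each report signature name to whether it fires on the telemetry."""
    return {
        "Disables Task Manager via registry modification": bool(disables_task_manager(events)),
        "Drops file in Drivers directory": bool(drops_file_in_drivers_dir(events)),
        "Suspicious use of SetThreadContext": bool(suspicious_set_thread_context(calls)),
    }


# Constructed host telemetry: one true positive per signature plus benign noise.
SID = r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLE_EVENTS = [
    {"kind": "registry_set", "image": r"C:\Users\victim\Direct_advice.exe",
     "target": SID + r"\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "details": "DWORD (0x00000001)"},
    {"kind": "registry_set", "image": r"C:\Windows\explorer.exe",
     "target": SID + r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "details": "DWORD (0x00000001)"},
    {"kind": "file_create", "image": r"C:\Users\victim\Direct_advice.exe",
     "target": r"C:\Windows\System32\drivers\tmpa1b2.sys"},
    {"kind": "file_create", "image": r"C:\Users\victim\Direct_advice.exe",
     "target": r"C:\Users\victim\AppData\Local\Temp\tmpa1b2.tmp"},
]
SAMPLE_CALLS = [
    {"pid": 1234, "api": "CreateProcessW",
     "args": {"image": r"C:\Users\victim\Direct_advice.exe", "flags": 0x4, "child_pid": 1300}},
    {"pid": 1234, "api": "WriteProcessMemory", "args": {"target_pid": 1300, "size": 0x2A000}},
    {"pid": 1234, "api": "SetThreadContext", "args": {"target_pid": 1300}},
    {"pid": 1234, "api": "ResumeThread", "args": {"target_pid": 1300}},
    {"pid": 800, "api": "SetThreadContext", "args": {"target_pid": 800}},   # self, benign
]

if __name__ == "__main__":
    for name, fired in evaluate(SAMPLE_EVENTS, SAMPLE_CALLS).items():
        print(f"{'HIT ' if fired else 'miss'} {name}")
```

Note that Sysmon does not log API calls, so the SetThreadContext check only works on a sandbox or EDR trace that records process-creation flags and cross-process memory writes; on plain Sysmon data, Event ID 1 with a suspended child plus Event ID 8 or 10 cross-process access is the nearest substitute.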