General
Target: QUOTE 002242020.exe
Size: 2.1MB
Sample: 201109-pacw17sbr6
MD5: bdbfa33c09b950889d9fc19954f20935
SHA1: d9c6cf2322734d49a1c479ff31d044ccef2f739e
SHA256: 51558f41331f2345cd146dc9705f48e8a6fdc425e6744658ff2ea53d42d34ae6
SHA512: 5ab3679f6c523a4a5d73678461f5089713b06fde01d59d42e2ca728d7723af01d135eba0737bf1606f105bb0a64573807cc687b8f4ba0666f4678948f1ae6fa7
Static task: static1
Behavioral task: behavioral1
  Sample: QUOTE 002242020.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: QUOTE 002242020.exe
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.parshavayealborz.com
Port: 587
Username: info@parshavayealborz.com
Password: P@rshava123456
Targets
Target: QUOTE 002242020.exe
Size: 2.1MB
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Suspicious use of SetThreadContext