General
- Target: EPDA Dec 2020 UPDATED_S.O.A Revised_2.r00
- Size: 238KB
- Sample: 210126-b5325kpmkn
- MD5: fb215061181d7d4e1e244fc70ac172e3
- SHA1: 4a6099bcd959f708becf9e669d459161029478ea
- SHA256: 6cae7d1c457d915e347d1f75b8dbc6523fe4efd80c6e6a3a23a9ff2aeb67a204
- SHA512: c7a636e3c0b57a77eca4950a1e8c8e883fbeff54332b4e745af15f7af236fdd3000b60c844aff73cb9037f1514fb42ddd89265bc1c430f917f7711cfe6af9b1c
Static task: static1
Behavioral task: behavioral1
- Sample: EPDA Dec 2020 UPDATED_S.O.A Revised.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: EPDA Dec 2020 UPDATED_S.O.A Revised.exe
- Resource: win10v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.shreejilogistix.com
- Port: 587
- Username: info@shreejilogistix.com
- Password: ZHNecv9PfHk2
Targets
- Target: EPDA Dec 2020 UPDATED_S.O.A Revised.exe
- Size: 625KB
- MD5: b94f6fe6c0a12f51cefa10222036b2e8
- SHA1: b47a296f3044b5bb5a1e8f5306ad5687067289c9
- SHA256: c2c6013ed703c379c923c39bea006e32b5b27f6c4145f2d219665a190e493971
- SHA512: d70b471da3a745ec981003d4ade776a71eb9870eecb649f9055929ec0ea0bbff900c95064047fe1b65d59470a30269c23496a6c66895f86e7a51b25afc4e71e6
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext