General
Target: GS_ PO NO.1862021.zip
Size: 489KB
Sample: 210408-3z2yj7bc3n
MD5: f1d4021303603e2e9a36e828523c75e9
SHA1: 56684d3f5f2bf463b144db81623f732a3c4c891b
SHA256: 34d6009b5bb206cc478e1c18446985603ee853e33998188ee7cd23238cd2df59
SHA512: d445b17a86940f1447a3fc0de5832f8a40e33089910efa620c520724bd147488165caf73a5330e848f73bd1722e24c1940d1662508d2e6c35d0e9a41a6d8efcf
Static task: static1
Behavioral task: behavioral1
  Sample: GS_ PO NO.1862021.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: GS_ PO NO.1862021.exe
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.odessabd.com
Port: 587
Username: compliance2@odessabd.com
Password: abc321
Targets
Target: GS_ PO NO.1862021.exe
Size: 559KB
MD5: 65f5b048052a74a121ce54a75492374f
SHA1: e5bb9d25809a7e30ac97da1279e67ea7e44074d6
SHA256: e9fe2d375a2cddb31ca744190586f24d38b86f0fcbf9228ab6083c6763e71928
SHA512: 83b2239384592c9aae95d3c6a3aa7de02fc2966f1a3c75dd599f29eea94558f42eac3df2f6e6d29370a18060aa432e04f16d933a7718450b4977d4a0db3e2182
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext