General
Target: ENGINEERING COMPANY.,LTD.zip
Size: 827KB
Sample: 210416-a2plm32t8s
MD5: a2f1ed23afb4cc474a96db7ba8707cf3
SHA1: 7faab6a506280aa2426bc365fdf54314632049e8
SHA256: 4efd6dd415ec66081c05c51e01574663d56792ddd098507ce31d245215297cbb
SHA512: a200f26d623b506b121f75b458031ecb8058d2d3760c779b60d130229ebfc760e4f7aa24eb0b4df7a1cc0d0413f7341bdbc4dd46ccca34b42e0d7a6241c0e940
Static task: static1
Behavioral task: behavioral1
  Sample: goody(1).exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: goody(1).exe
  Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.almasroor.com
Port: 587
Username: [email protected]
Password: 042264528
Targets
Target: goody(1).exe
Size: 1.2MB
MD5: 5435ffcc0f1eac1c9056502764f9713c
SHA1: 1bd97277f4f7e95c564122f72db68ab16ad539e2
SHA256: bf2ad88f65ab47227ea5240ff3179b62778886f92546c31b380c255bab994858
SHA512: c050ae41cb38b250f7c8b4baf2617b8ca1f1f775ac0f3636f9adb700f0da8a45034085fbba64b4a110996d077d0c1ecac0fdb91698868f1e209850817e50a938
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext