General
Target: OLUn8L3Z.zip
Size: 579KB
Sample: 210419-em1ecd216a
MD5: 91bf3d10d971f89a5c3660f1ce49c770
SHA1: ac7b21c4df59317bf7c0fb34de4b366b54e309b4
SHA256: 05aed5baff08d18cdd83ce49f9f08897df25a908a4e0b0e27c4768c3e90ee174
SHA512: 8f0ca740afff01ac295d6c6c8395598778923b35dfda576e35816e2df909ce018e9df29bc7dadf4f030ec3b046400d84b22e920665dbbd55182d7c71f37d377c
Static task: static1
Behavioral task: behavioral1
  Sample: OLUn8L3Z.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: OLUn8L3Z.exe
  Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.mesco-midhco.com
Port: 587
Username: [email protected]
Password: fFEawV%0
Targets
Target: OLUn8L3Z.exe
Size: 940KB
MD5: d7a6c07be5a5f212884d01797c3d5fa6
SHA1: e4cb2a03354a7417f1062c89b0f08018863380df
SHA256: 71032ee8d3bb7e5b97fc58c2478c58b218730eb7a56929da7c5d4816e202e71c
SHA512: 50cddcdff86594fea2f2ffe24cdef71b0bf9fbd46703f3dca37f2a89630a57ea63c0b5cbd2d0be682e2e9f03bdcb478cd61c5bc959fa7f35d132e70f04f20d7c
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures
AgentTesla Payload
Adds Run key to start application
Suspicious use of SetThreadContext