General
- Target: OLUn8L3Z.exe
- Size: 940KB
- Sample: 210419-sczqfptgx6
- MD5: d7a6c07be5a5f212884d01797c3d5fa6
- SHA1: e4cb2a03354a7417f1062c89b0f08018863380df
- SHA256: 71032ee8d3bb7e5b97fc58c2478c58b218730eb7a56929da7c5d4816e202e71c
- SHA512: 50cddcdff86594fea2f2ffe24cdef71b0bf9fbd46703f3dca37f2a89630a57ea63c0b5cbd2d0be682e2e9f03bdcb478cd61c5bc959fa7f35d132e70f04f20d7c
Static task: static1
Behavioral task: behavioral1
- Sample: OLUn8L3Z.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: OLUn8L3Z.exe
- Resource: win10v20210408
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.mesco-midhco.com
- Port: 587
- Username: [email protected]
- Password: fFEawV%0
Targets
- Target: OLUn8L3Z.exe
- Size: 940KB
- MD5: d7a6c07be5a5f212884d01797c3d5fa6
- SHA1: e4cb2a03354a7417f1062c89b0f08018863380df
- SHA256: 71032ee8d3bb7e5b97fc58c2478c58b218730eb7a56929da7c5d4816e202e71c
- SHA512: 50cddcdff86594fea2f2ffe24cdef71b0bf9fbd46703f3dca37f2a89630a57ea63c0b5cbd2d0be682e2e9f03bdcb478cd61c5bc959fa7f35d132e70f04f20d7c
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext