General
-
Target
PO-no 74GW0942.exe
-
Size
837KB
-
Sample
210420-a4v6adgqw6
-
MD5
4cde3609b918d4ef83a1f50dd0e6bc8e
-
SHA1
69878bfdfe1b730f802bfa6ad515efdef96aa43f
-
SHA256
5c4676ef5bd6f6d10826944d9e51efadb58fbbb936ff5f10d7aa91235c35946d
-
SHA512
7def65260ab6f04c0b4e3af4754e54d28bd6a289152692f047915b2cc9fb5f799ae47a605efe401f1e606b0c7f787be13b68ac1ec67ba88539a12d041c6d8f5f
Static task
static1
Behavioral task
behavioral1
Sample
PO-no 74GW0942.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
PO-no 74GW0942.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
project2021blessinggoodgood2+me
Targets
-
-
Target
PO-no 74GW0942.exe
-
Size
837KB
-
MD5
4cde3609b918d4ef83a1f50dd0e6bc8e
-
SHA1
69878bfdfe1b730f802bfa6ad515efdef96aa43f
-
SHA256
5c4676ef5bd6f6d10826944d9e51efadb58fbbb936ff5f10d7aa91235c35946d
-
SHA512
7def65260ab6f04c0b4e3af4754e54d28bd6a289152692f047915b2cc9fb5f799ae47a605efe401f1e606b0c7f787be13b68ac1ec67ba88539a12d041c6d8f5f
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-