General
Target: PO-no 74GW0942.zip
Size: 632KB
Sample: 210420-dj87ynm23n
MD5: 875faa81f6ef331c9d391e0fbdd3a87c
SHA1: 2a55586fbdbb24295136f6895cbbd7b41488b671
SHA256: 9124e16d0db26bb4f560f7240882404162302ba301a430a025c5b7d20c6e3bc8
SHA512: 1249d8fec0be96250b31ac341657390042f938cb798c1fd484fee3e3d755ec595eec3edade5e0639812885d8d556905f7ba6bf058225bd41279c5bbdfe5ddc0b
Static task: static1
Behavioral task: behavioral1
  Sample: PO-no 74GW0942.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: PO-no 74GW0942.exe
  Resource: win10v20210408
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: project2021blessinggoodgood2+me
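The extracted config above is the mailbox this build exfiltrates to. As an added example (not the sandbox's extractor and not code from the report), the following Python parses the config exactly as the report flattens it into typed fields, derives the network IOCs a defender can act on, and matches them against Zeek-style DNS and conn.log lines. The log lines, the internal hosts and the 172.16.99.20 answer are constructed for the demonstration; only the host, port and protocol come from the report.

```python
"""Parse the AgentTesla SMTP config extracted above into typed fields, derive
network IOCs from it, and match them against Zeek-style DNS and conn logs.
Added example; it is not the sandbox's extractor nor code from the report."""
import re
from dataclasses import dataclass

# The config string exactly as the report flattens it (keys run together with '-').
RAW_CONFIG = ("Protocol: smtp- Host: us2.smtp.mailhostbox.com - Port: 587 - "
              "Username: [email protected] - Password: project2021blessinggoodgood2+me")


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(raw: str) -> SmtpExfilConfig:
    """Split on the key names rather than on ' - ': the first separator is
    'smtp-' with no space, so a naive split on ' - ' would lose the protocol."""
    keys = ["Protocol", "Host", "Port", "Username", "Password"]
    fields = {}
    for i, key in enumerate(keys):
        nxt = keys[i + 1] if i + 1 < len(keys) else None
        tail = rf"\s*-\s*{nxt}:" if nxt else r"\s*$"
        m = re.search(rf"{key}:\s*(.*?){tail}", raw)
        if m is None:
            raise ValueError(f"config is missing field {key}")
        fields[key.lower()] = m.group(1).strip()
    return SmtpExfilConfig(fields["protocol"], fields["host"], int(fields["port"]),
                           fields["username"], fields["password"])


def network_iocs(cfg: SmtpExfilConfig) -> dict:
    """What is safe to push to network controls: host and port. The mailbox
    credentials are evidence, not IOCs; keep them out of blocklists and tickets."""
    return {"domain": cfg.host, "dst_port": cfg.port, "service": cfg.protocol}


# Constructed Zeek-style logs (tab separated). The 172.16.99.20 answer is an
# invented stand-in for whatever the host resolves to; it is not from the report.
SAMPLE_DNS_LOG = (
    "1618900002.0\tD1\t10.0.0.5\tus2.smtp.mailhostbox.com\tA\t172.16.99.20\n"
    "1618900002.5\tD2\t10.0.0.7\tupdate.example.org\tA\t93.184.216.34\n"
)
SAMPLE_CONN_LOG = (
    "1618900001.1\tC1\t10.0.0.5\t49152\t142.250.74.46\t443\ttcp\tssl\n"
    "1618900002.2\tC2\t10.0.0.5\t49160\t172.16.99.20\t587\ttcp\tsmtp\n"
    "1618900003.3\tC3\t10.0.0.7\t49200\t10.0.0.1\t53\tudp\tdns\n"
)


def find_exfil(cfg: SmtpExfilConfig, dns_log: str, conn_log: str):
    """Tie the sandbox IOC to this network: DNS answers for the C2 host give
    the IPs to look for, then conn rows to those IPs on the configured port
    are the hits. Returns (resolved_ips, hits)."""
    resolved = set()
    for line in dns_log.splitlines():
        _ts, _uid, _src, query, _qtype, answer = line.split("\t")
        if query.rstrip(".").lower() == cfg.host.lower():
            resolved.add(answer)
    hits = []
    for line in conn_log.splitlines():
        _ts, uid, src, _sport, dst, dport, _proto, _service = line.split("\t")
        if int(dport) == cfg.port and dst in resolved:
            hits.append({"uid": uid, "src": src, "dst": dst,
                         "reason": f"{cfg.protocol} to {cfg.host}:{cfg.port}"})
    return resolved, hits


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(network_iocs(cfg))
    resolved, hits = find_exfil(cfg, SAMPLE_DNS_LOG, SAMPLE_CONN_LOG)
    for h in hits:
        print(h)
```

Two caveats before acting on the output: the host appears to be a shared mail-hosting relay rather than infrastructure the attacker owns, so check for legitimate use before blocking it outright (denying outbound 587 from endpoints to anything but the corporate relay catches this without that risk), and the username and password are the attacker's mailbox credentials, which should be handled as sensitive evidence and never used to log in.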
Targets
Target: PO-no 74GW0942.exe
Size: 837KB
MD5: 4cde3609b918d4ef83a1f50dd0e6bc8e
SHA1: 69878bfdfe1b730f802bfa6ad515efdef96aa43f
SHA256: 5c4676ef5bd6f6d10826944d9e51efadb58fbbb936ff5f10d7aa91235c35946d
SHA512: 7def65260ab6f04c0b4e3af4754e54d28bd6a289152692f047915b2cc9fb5f799ae47a605efe401f1e606b0c7f787be13b68ac1ec67ba88539a12d041c6d8f5f
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. This build exfiltrates over SMTP using the mailbox in the extracted config above.
Signatures
- AgentTesla payload
- Drops file in Drivers directory
- Adds Run key to start application (persistence across logon)
- Suspicious use of SetThreadContext (an API-hook signature; calling it on another process's thread is typically the step RunPE-style process hollowing uses to redirect a suspended child to injected code)
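Two of the behavioural signatures above, the file drop under the Drivers directory and the Run-key persistence, are visible on an endpoint through Sysmon file-create (EventID 11) and registry value-set (EventID 13) events; SetThreadContext is not, since that is an API-hook signature from the sandbox. As an added example (not the sandbox's own rules), the following Python classifies Sysmon-style events against those two signatures and correlates hits per process, so a single process that both writes into drivers\ and installs a Run key stands out from one-off benign hits. The events, paths, GUIDs and the allow-list are constructed; only the sample's file name is from the report.

```python
"""Match two of the behavioural signatures above (file drop under the Drivers
directory, Run-key persistence) against Sysmon-style events and correlate the
hits per process. Added example; these are not the sandbox's own rules."""
import re
from collections import defaultdict
from typing import Optional

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
DRIVERS_DIR_RE = re.compile(r"\\System32\\drivers\\", re.IGNORECASE)

# Images allowed to touch drivers\ or Run keys without being flagged (assumed list).
ALLOWLIST = {r"c:\windows\servicing\trustedinstaller.exe",
             r"c:\windows\system32\msiexec.exe"}

# Constructed events shaped like Sysmon EventID 1/11/13 records. Paths, GUIDs,
# the dropped file and the Run value are invented; only the sample name is from the report.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "{A1}",
     "Image": r"C:\Users\u\Desktop\PO-no 74GW0942.exe"},
    {"EventID": 11, "ProcessGuid": "{A1}",
     "Image": r"C:\Users\u\Desktop\PO-no 74GW0942.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\example.dat"},
    {"EventID": 13, "ProcessGuid": "{A1}",
     "Image": r"C:\Users\u\Desktop\PO-no 74GW0942.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Example",
     "Details": r"C:\Users\u\AppData\Roaming\Example\example.exe"},
    {"EventID": 11, "ProcessGuid": "{B2}",
     "Image": r"C:\Windows\servicing\TrustedInstaller.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\storport.sys"},
    {"EventID": 13, "ProcessGuid": "{C3}",
     "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
]


def classify(event: dict) -> Optional[str]:
    """Map one event to a signature name, or None if it matches neither."""
    eid = event.get("EventID")
    if eid == 11 and DRIVERS_DIR_RE.search(event.get("TargetFilename", "")):
        return "drops_file_in_drivers_dir"
    if eid == 13 and RUN_KEY_RE.search(event.get("TargetObject", "")):
        return "adds_run_key"
    return None


def correlate(events: list) -> dict:
    """Group signature hits by ProcessGuid: {guid: {image, tags, details}}."""
    hits = defaultdict(lambda: {"image": None, "tags": set(), "details": []})
    for ev in events:
        tag = classify(ev)
        if tag is None:
            continue
        rec = hits[ev["ProcessGuid"]]
        rec["image"] = ev.get("Image")
        rec["tags"].add(tag)
        rec["details"].append(ev.get("TargetFilename") or ev.get("TargetObject"))
    return dict(hits)


def suspicious_processes(events: list, min_tags: int = 2) -> list:
    """Processes with at least min_tags distinct signatures whose image is not
    allow-listed. Returns [(guid, image, sorted_tags), ...]."""
    out = []
    for guid, rec in correlate(events).items():
        if (rec["image"] or "").lower() in ALLOWLIST:
            continue
        if len(rec["tags"]) >= min_tags:
            out.append((guid, rec["image"], sorted(rec["tags"])))
    return out


if __name__ == "__main__":
    for guid, image, tags in suspicious_processes(SAMPLE_EVENTS):
        print(guid, image, tags)
```

Either signature alone is noisy (installers write Run keys, servicing writes drivers), which is why the example only escalates when one process trips both; on a real estate the allow-list and the threshold are the knobs to tune, and the correlated record keeps the dropped path and Run value so the analyst can pivot straight to the files.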