General
Target: GS_ PO NO.1862021.exe
Size: 605KB
Sample: 210421-7g79wqpvba
MD5: dd69154b0cdf498ef93ea3005a4de557
SHA1: 5d2146fffe83a3fca36ea89f3a38762cd797fa19
SHA256: 11e9639235e6331d3fc76d710c73ce5412c3758f41ee587104839a0ee1d00f5a
SHA512: d3b6d5c81dcd59c6696a011890fa0980286e7cfcf7fd8712632c992ab4bb0bc939237029750f2cd4156adc680b5c87e00fa728bde1af5380a9fa681b58533a06
Static task: static1
Behavioral task: behavioral1
  Sample: GS_ PO NO.1862021.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: GS_ PO NO.1862021.exe
  Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.odessabd.com
Port: 587
Username: compliance2@odessabd.com
Password: abc321
Targets
Target: GS_ PO NO.1862021.exe
Size: 605KB
MD5: dd69154b0cdf498ef93ea3005a4de557
SHA1: 5d2146fffe83a3fca36ea89f3a38762cd797fa19
SHA256: 11e9639235e6331d3fc76d710c73ce5412c3758f41ee587104839a0ee1d00f5a
SHA512: d3b6d5c81dcd59c6696a011890fa0980286e7cfcf7fd8712632c992ab4bb0bc939237029750f2cd4156adc680b5c87e00fa728bde1af5380a9fa681b58533a06
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext