General
- Target: GS_ PO NO.1862021.zip
- Size: 520KB
- Sample: 210421-zgxl5jpcbx
- MD5: 1eadad01709a0294e51f5b64462059fc
- SHA1: e8318397ccc5d057c98262211a070e87201c1e0d
- SHA256: 399a8f899ba8d8ef02ecfd588fcbe4c0e85d59d8a51bb3127dc3e5fc451d278b
- SHA512: 735e0dcfe333dd14f731fefafb3a8e2358623ebac85913d2bf7c6261c4953c90ab37fb091db837020fa69367c79851e47697bc503df419e2b06a5971abd2695b
Static task: static1
Behavioral task: behavioral1
- Sample: GS_ PO NO.1862021.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: GS_ PO NO.1862021.exe
- Resource: win10v20210408
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.odessabd.com
- Port: 587
- Username: compliance2@odessabd.com
- Password: abc321
Targets
- Target: GS_ PO NO.1862021.exe
- Size: 605KB
- MD5: dd69154b0cdf498ef93ea3005a4de557
- SHA1: 5d2146fffe83a3fca36ea89f3a38762cd797fa19
- SHA256: 11e9639235e6331d3fc76d710c73ce5412c3758f41ee587104839a0ee1d00f5a
- SHA512: d3b6d5c81dcd59c6696a011890fa0980286e7cfcf7fd8712632c992ab4bb0bc939237029750f2cd4156adc680b5c87e00fa728bde1af5380a9fa681b58533a06
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext