General
- Target: _DRAWINGS-dwg.gz
- Size: 717KB
- Sample: 210423-p75wsajbae
- MD5: 74203a51487d89f5b75d83c6ae37e2a8
- SHA1: fdbc348ae6789005ce42377c0d56900609f26095
- SHA256: 613b7cac480a49b94f0ee1ff7a2b6162900fa61aefdd6d6a0e2c55ffd754c1a4
- SHA512: 2259b74e034fa7c35026fa598595a18c55ac04b21ee66ed5697eda10b476e10c08a39f670d8bfa254d65f6207dca3690acb359da2096561063d5ca717d5ba872
Static task
- static1
Behavioral task
- behavioral1
- Sample: DRAWINGS-dwg.exe
- Resource: win7v20210408
Behavioral task
- behavioral2
- Sample: DRAWINGS-dwg.exe
- Resource: win10v20210410
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.soonlogistics.com
- Port: 587
- Username: admin@soonlogistics.com
- Password: admin6640!
Targets
- Target: DRAWINGS-dwg.exe
- Size: 918KB
- MD5: e7f2b93b13cb43a59226c5f4344b872f
- SHA1: 14cb200c4cf23aa338d008fdec1fd1e98ba8b50e
- SHA256: e794937ba8664921540e05d5bb794d1f918b5452ee15adf4e08a27dd29121a98
- SHA512: 7c932aa238cc96c831d82516eaeb0c03722a3bd14d145ce2286af5a90c0b30bf0211656caf481f900bc04f0bff17afa186551baf6b9459b4799a2ad75ae80ac7
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext