General

Target: _ae6854gfhj.png.rar
Size: 659KB
Sample: 210423-raefedh79a
MD5: 8d257998290818e934b4b07851d9caf9
SHA1: 659439bbc9f6d984e0443c0ce2abd2a242010def
SHA256: 08d1225431604a297ab36cc4b46a4b43bfab9ec19ec33aa1c769c329c2b4d6c9
SHA512: c492b7ac0ee8254e5c5999a40788388325a077cadc1083fe753ef15954a627b3f68f28ffafa364f769f7082aef92cbca51cbceae89f489e08dce4e31b3914995
Static task: static1

Behavioral task: behavioral1
Sample: ae6854gfhj.png.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: ae6854gfhj.png.exe
Resource: win10v20210410
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.qdsaes.com
Port: 587
Username: andy@qdsaes.com
Password: )oNvVYl5ceo2121
Targets

Target: ae6854gfhj.png.exe
Size: 860KB
MD5: 2e70aa8d274bac9a4c82a34f861c5e9a
SHA1: e61ef3fe99c83b2f9d353cd9b77b2cf1a82646f8
SHA256: e416cddc262635af3d8ddf41cf9a021f57d51eed7542aa2c46e81bf88094b36c
SHA512: 83cdb4033116ae74440c2a2c48ed30857365f6d40e5cca9146cee5bdf8f4ea8c6f9d34e1abbb80996f826b9f13f38975118627b8b9b09dca8e7fec421dea496d
AgentTesla

Agent Tesla is a .NET information stealer and remote access tool (RAT) written in Visual Basic .NET. It harvests credentials, keystrokes and screenshots and exfiltrates them over SMTP, FTP or HTTP; the SMTP account recovered from this sample is listed under Malware Config.

- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application (persistence through a CurrentVersion\Run value, so the executable is relaunched at logon)
- Suspicious use of SetThreadContext (calling SetThreadContext on a suspended child process is the usual process-hollowing / injection pattern; the report does not record which process was targeted)
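The report above gives an analyst three things to act on: digests for the unpacked payload, an SMTP exfiltration account, and a double-extension lure name (ae6854gfhj.png.exe delivered inside a .rar). The following Python is an added triage helper, not Tria.ge's code and not part of Agent Tesla; it verifies a file against the reported digests, parses the flattened "Key: value - Key: value" config text exactly as it appears on the page, flags the .png.exe masquerade, and hunts the exfil host and port in a connection log. The log lines and their five-column layout are constructed for the example; the only values taken from the report are the hashes and the SMTP config.

```python
"""Triage helper built from the Agent Tesla sandbox report (added example)."""
import hashlib
import re

# Digests reported for the unpacked payload ae6854gfhj.png.exe (copied from the report).
REPORTED_PAYLOAD_HASHES = {
    "md5": "2e70aa8d274bac9a4c82a34f861c5e9a",
    "sha1": "e61ef3fe99c83b2f9d353cd9b77b2cf1a82646f8",
    "sha256": "e416cddc262635af3d8ddf41cf9a021f57d51eed7542aa2c46e81bf88094b36c",
    "sha512": "83cdb4033116ae74440c2a2c48ed30857365f6d40e5cca9146cee5bdf8f4ea8c6f9d34e1abbb80996f826b9f13f38975118627b8b9b09dca8e7fec421dea496d",
}

# The extracted config exactly as the page flattens it.
RAW_CONFIG = ("Protocol: smtp- Host: smtp.qdsaes.com - Port: 587 - "
              "Username: andy@qdsaes.com - Password: )oNvVYl5ceo2121")

# Constructed connection log (hypothetical format: timestamp src dst_host dst_port proto).
SAMPLE_CONN_LOG = """\
2021-04-23T10:12:03Z 10.0.0.15 smtp.office365.com 587 tcp
2021-04-23T10:12:09Z 10.0.0.15 smtp.qdsaes.com 587 tcp
2021-04-23T10:13:41Z 10.0.0.22 smtp.qdsaes.com 587 tcp
2021-04-23T10:15:00Z 10.0.0.15 update.example.net 443 tcp
"""

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".hta"}
DECOY_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}


def compute_hashes(data: bytes) -> dict:
    """All four digests the report lists, keyed by lowercase algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def hash_mismatches(data: bytes, reported: dict) -> list:
    """Names of reported digests that do not match `data`; [] means the file is the reported sample."""
    actual = compute_hashes(data)
    return sorted(alg for alg, value in reported.items() if actual.get(alg) != value.lower())


def parse_agenttesla_config(raw: str) -> dict:
    """Split 'Key: value - Key: value' text on the ' - ' that precedes the next 'Key:' token.

    The lookahead keeps dashes inside values intact; only 'port' is converted to int.
    """
    fields = {}
    for chunk in re.split(r"\s*-\s*(?=[A-Za-z]+:)", raw.strip()):
        key, _, value = chunk.partition(":")
        key, value = key.strip().lower(), value.strip()
        fields[key] = int(value) if key == "port" else value
    return fields


def is_double_extension_lure(name: str) -> bool:
    """True for names like 'photo.png.exe': an executable extension hidden behind a decoy one.

    The outer '_ae6854gfhj.png.rar' is the delivery archive, not the lure, so it returns False.
    """
    parts = name.lower().rsplit(".", 2)
    if len(parts) < 3:
        return False
    return "." + parts[-1] in EXECUTABLE_EXTS and "." + parts[-2] in DECOY_EXTS


def find_exfil_connections(conn_log: str, cfg: dict) -> list:
    """(timestamp, source) pairs that talked to the configured exfil host on the configured port."""
    hits = []
    for line in conn_log.splitlines():
        ts, src, dst, port, _proto = line.split()
        if dst.lower() == cfg["host"].lower() and int(port) == cfg["port"]:
            hits.append((ts, src))
    return hits


if __name__ == "__main__":
    cfg = parse_agenttesla_config(RAW_CONFIG)
    print("exfil account:", cfg["username"], "via", cfg["host"], cfg["port"])
    print("lure name:", is_double_extension_lure("ae6854gfhj.png.exe"))
    print("hosts reaching exfil server:", find_exfil_connections(SAMPLE_CONN_LOG, cfg))
```

Run `hash_mismatches(open(path, "rb").read(), REPORTED_PAYLOAD_HASHES)` against a file you have recovered to confirm it is the same payload before reusing any of this report's conclusions; a single differing digest means a different build. The connection check matches on the destination hostname, so it needs a log that records names (or a DNS join) rather than bare IPs, and port 587 is a normal submission port, which is why the match is restricted to the configured host rather than the port alone.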