General
Target: Ningbo_Past Due.exe
Size: 1.4MB
Sample: 210423-v53l1qr89s
MD5: bdbcd55b9e36b751aa5e5252f0ce63bf
SHA1: 43f00d3645f6e964064693b129bb34dc4c540d56
SHA256: f7f16e3f986d079a1cea095ae0b8c8924e3bd0d275bfece8ed8f396db100821b
SHA512: 78660e6b52514f6be39b81c17542284cfb82cb785ca832e96b1aebc5b9c2bd7b8df5ff25473229b61febdc62474170b5e21e0ff55de9bf74b7765cbc03ee2c9b
Static task: static1
Behavioral task: behavioral1
Sample: Ningbo_Past Due.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: Ningbo_Past Due.exe
Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: webmail.mdist.us
Port: 587
Username: pos@mdist.us
Password: pos#4321
Targets
Target: Ningbo_Past Due.exe (size and hashes as listed under General)
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext