General
Target: PO.#4500499953.exe
Size: 883KB
Sample: 210511-a9eged2nhx
MD5: 0c3098e9105cbea5e2d6ab99849afaeb
SHA1: 35286653ce0368bef6a4344c4275279c60d2471e
SHA256: 091941767ac84ff519693960cd6cb15e799da88cd08477977ec10fad6fe00b4d
SHA512: 6b4221f84a1f9731c6cfbecc7c06c340d39d60cdafbcf44220a8eed5009627d03bc01e52b41997f72d10b323d4b6ab2786c99a0ad6334962a05f1ee4a7e6e382
Static task: static1
Behavioral task: behavioral1
Sample: PO.#4500499953.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: PO.#4500499953.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: wasstech.com
Port: 587
Username: rasha.adel@wasstech.com
Password: Sunray2700@@
Targets
-
-
Target
PO.#4500499953.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-