General
Target: Technical Drawing Specification.exe
Size: 1.1MB
Sample: 210722-6hf1wgbqpj
MD5: ad0aa820dcbc9a5e4287457c8eaf6cdb
SHA1: 366b710a60122772ca55b7dbc7a01a64ff9c848f
SHA256: 1f36a33a58c5ff8769f6476da0bce547f0dee33b6128cb95b27e6074fc920f5f
SHA512: a0574d7e042a64d3251ae114593aa05cb0aa023d1c402ad25ea7394e97ec5828a6b3c22ec983362bb1908352922743908da2ecc614ea1f932b9fb56dfe4c70f8
Tasks
Static task: static1
Behavioral task: behavioral1 (Sample: Technical Drawing Specification.exe; Resource: win7v20210410)
Behavioral task: behavioral2 (Sample: Technical Drawing Specification.exe; Resource: win10v20210408)
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: mail.mhoteljakarta.com
Port: 587
Username: info@mhoteljakarta.com
Password: infom27
Targets
Target: Technical Drawing Specification.exe
Size: 1.1MB
MD5: ad0aa820dcbc9a5e4287457c8eaf6cdb
SHA1: 366b710a60122772ca55b7dbc7a01a64ff9c848f
SHA256: 1f36a33a58c5ff8769f6476da0bce547f0dee33b6128cb95b27e6074fc920f5f
SHA512: a0574d7e042a64d3251ae114593aa05cb0aa023d1c402ad25ea7394e97ec5828a6b3c22ec983362bb1908352922743908da2ecc614ea1f932b9fb56dfe4c70f8
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Adds Run key to start application
Suspicious use of SetThreadContext