General
Target: PO 98246.exe
Size: 940KB
Sample: 210727-75dqzxk6pj
MD5: 87fb6b88ed5e0ad768dd1fb8fc9c46af
SHA1: 739749390782129616a8a776ff745a748de3048a
SHA256: 9cb1e7f66fe3c5e0ba2e1d525dddf593ceb57df41a49b874228c61322e6a4861
SHA512: e3c4177f3de2aecb953b0f6efed90d969e9a3d4254985ad4ae58a917554961164321570fcf83ae8e5d95c6c5f9fc008ce2c241faaad28c9b01bbc3f82d081ef5
Static task: static1
Behavioral task: behavioral1 (sample PO 98246.exe, resource win7v20210408)
Behavioral task: behavioral2 (sample PO 98246.exe, resource win10v20210408)
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: gibson.1990
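The extracted SMTP configuration and the file hashes from this report, turned into triage code. This is an added example written for this page, not the sandbox's own tooling and not code from the malware: the hashes and SMTP settings are copied from the report as rendered, the egress log lines are constructed for illustration, and the key=value log format is an assumption. Two caveats a responder should keep in mind: the username field as rendered on the page ("[email protected]") is not usable as an indicator, and the SMTP host belongs to a mail provider that may also serve legitimate customers, so match host and port together and correlate with the process that opened the connection rather than blocking on the hostname alone.

```python
"""Triage helpers for the AgentTesla sample above (added example; hashes and
SMTP config copied from the report, log lines constructed)."""
import hashlib
import re

# Hashes of "PO 98246.exe" as listed in the report's General section.
REPORTED_HASHES = {
    "md5": "87fb6b88ed5e0ad768dd1fb8fc9c46af",
    "sha1": "739749390782129616a8a776ff745a748de3048a",
    "sha256": "9cb1e7f66fe3c5e0ba2e1d525dddf593ceb57df41a49b874228c61322e6a4861",
    "sha512": "e3c4177f3de2aecb953b0f6efed90d969e9a3d4254985ad4ae58a917554961164321570fcf83ae8e5d95c6c5f9fc008ce2c241faaad28c9b01bbc3f82d081ef5",
}

# The extracted config exactly as the flattened report renders it.
RAW_CONFIG = ("Protocol: smtp- Host: us2.smtp.mailhostbox.com - Port: 587 "
              "- Username: [email protected] - Password: gibson.1990")

_KEYS = "|".join(("Protocol", "Host", "Port", "Username", "Password"))
# key, then a lazy value, then an optional " - " separator, stopping at the next key or end.
_KV = re.compile(rf"(?P<k>{_KEYS}):\s*(?P<v>.*?)\s*-?\s*(?=(?:{_KEYS}):|$)")


def parse_agenttesla_config(raw: str) -> dict:
    """Split the flattened 'Key: value - Key: value' config into a dict."""
    cfg = {m.group("k").lower(): m.group("v") for m in _KV.finditer(raw)}
    cfg["port"] = int(cfg["port"])
    return cfg


def reported_hashes_well_formed() -> bool:
    """Sanity-check the copied hashes: correct hex length for each algorithm."""
    expected_len = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
    return all(
        len(h) == expected_len[alg] and all(c in "0123456789abcdef" for c in h)
        for alg, h in REPORTED_HASHES.items()
    )


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists for an arbitrary byte string."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORTED_HASHES}


def matches_report(data: bytes) -> set:
    """Return the algorithms for which data hashes to the reported value.
    Require the full set: a partial match means a typo in the report or a
    different file, never a confirmed sample."""
    actual = hash_bytes(data)
    return {alg for alg, h in REPORTED_HASHES.items() if actual[alg] == h}


# Constructed egress log (key=value, one flow per line); RFC1918 sources are made up.
SAMPLE_LOG = """\
ts=2021-07-27T10:14:02Z src=10.0.0.15 dst_host=update.example.org dst_port=443 bytes_out=1320
ts=2021-07-27T10:14:09Z src=10.0.0.15 dst_host=us2.smtp.mailhostbox.com dst_port=587 bytes_out=48211
ts=2021-07-27T10:15:31Z src=10.0.0.22 dst_host=us2.smtp.mailhostbox.com dst_port=25 bytes_out=900
ts=2021-07-27T10:16:00Z src=10.0.0.31 dst_host=mail.example.org dst_port=587 bytes_out=2200
"""


def find_exfil_flows(log_text: str, cfg: dict) -> list:
    """Flag flows to the configured SMTP host. The port is reported but not
    required to match, since another build of the stealer could be pointed at
    the same mailbox over a different submission port."""
    hits = []
    for line in log_text.splitlines():
        fields = dict(kv.split("=", 1) for kv in line.split())
        if fields.get("dst_host", "").lower() != cfg["host"].lower():
            continue
        port = int(fields["dst_port"])
        hits.append({
            "src": fields["src"],
            "dst_port": port,
            "port_matches_config": port == cfg["port"],
            "bytes_out": int(fields["bytes_out"]),
        })
    return hits


if __name__ == "__main__":
    cfg = parse_agenttesla_config(RAW_CONFIG)
    print("config:", cfg)
    print("hashes well-formed:", reported_hashes_well_formed())
    for hit in find_exfil_flows(SAMPLE_LOG, cfg):
        print("candidate exfil flow:", hit)
```

The parser keeps the username value as the page renders it, so the dict will carry the placeholder rather than a real mailbox; the host, port and password fields are the only parts of the config that survive extraction intact.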
Targets
Target: PO 98246.exe (940KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. This sample is configured to exfiltrate over SMTP using the mail server and credentials in the extracted config.
Signatures:
- AgentTesla payload
- Drops file in Drivers directory
- Adds Run key to start application (persistence through a value under HKCU or HKLM \Software\Microsoft\Windows\CurrentVersion\Run)
- Suspicious use of SetThreadContext (a primitive commonly used for process hollowing and other injection: a suspended thread's context is rewritten so execution resumes in injected code)