General
Target: PR4007-PO161.exe
Size: 829KB
Sample: 210727-7s3pskva42
MD5: e70025359ef960acb7a37572b0641ed2
SHA1: a315ab77f2519de210727579b8cf98338144f105
SHA256: 650032961db3668f23cabc3c999e1efddae68bd77a9751de212d8ed9b719821e
SHA512: 7f7b91c83a51a95731b112cbe29a682fde5df678155ec66186e87ac67200655dc6bf97c3d37026e0e4b3b26b4a265e366fafbb511ae38650c5b2645c71dca675
Static task: static1
Behavioral task: behavioral1 (Sample: PR4007-PO161.exe, Resource: win7v20210410)
Behavioral task: behavioral2 (Sample: PR4007-PO161.exe, Resource: win10v20210408)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.afciphil.com.ph
Port: 587
Username: [email protected]
Password: r35eCaR@t4
Targets
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Drops file in Drivers directory
Adds Run key to start application
Suspicious use of SetThreadContext