General
Target: QAP 367893738 Ed 7 pcs.7z
Size: 528KB
Sample: 210728-5kt1kt8q3j
MD5: bb5fcb0b4b1d9ffd843fae6e85b80fc5
SHA1: cd40fff02d2e7a9c3052393f84836d469e8c8f9c
SHA256: 5a6539dc7ba9f17d5abc3d26386b49140844bb5cafcaff2c1666f3fd54ffe73c
SHA512: a56af987e5e38ec87cef91ceca6cd0b90404c044cadaea6b09bb549c43b81cc46b0caedb6b698c0ec4094f32b48cc8fb1bfb8c93a584b5da664f4f18e1e3ecbb
Static task: static1
Behavioral task: behavioral1
  Sample: QAP 367893738 Ed 7 pcs.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: QAP 367893738 Ed 7 pcs.exe
  Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.ojototheworld.us
Port: 587
Username: [email protected]
Password: !wdHaaz9
Targets
Target: QAP 367893738 Ed 7 pcs.exe
Size: 732KB
MD5: 20f2885ae3ffb24d8a905b8714207d5b
SHA1: 1716b4edb74f10e0e2f6b9df93e112eb6a6a7a95
SHA256: 52588494e071e71a1c8f47311bd922432d1c721dc7b10ad69f86afc651bb056b
SHA512: 84cc72dc95afc050f2eea8d8867c42993d0db46f03bcfe39fc1d60586d7540a198f329ba841dc679909a021705cfe51ee7b107d9bd029a4e95ec1ae58052eb3e
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Adds Run key to start application
- Suspicious use of SetThreadContext