General
Target: PI.rar
Size: 573KB
Sample: 211014-fj4s5sgadj
MD5: 4cf1d7d7aef2d7a481dbc39186720e7e
SHA1: 5a28903bc81007cd8ded0f9c243f443f6ed45e6a
SHA256: 4f6618eacd0e379b7164439c586be7da42931451893158f2b4f697f0166130aa
SHA512: e3bd01731992c3dc9e2c9a0d6dba7602c137e2b693b979dbb17b33dda5568d812d1ea11abbef550537e2e0e3868e9519e38f88d1e8d2fcfe6ba01ad5627aa1e3
Static task: static1
Behavioral task: behavioral1
  Sample: PI.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: PI.exe
  Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.jeevalabs.com
Port: 587
Username: account@jeevalabs.com
Password: jeeva@123
Targets
Target: PI.exe
Size: 993KB
MD5: 59f7f57b8d6c0e55493eec56977d7cb4
SHA1: 0740bebf070c16fca8aa5c0fada48edcc1bd9f12
SHA256: c932b6a0cbaa454668d2429d433fec76e7e544bb26b5bd1865a86aac4fa33434
SHA512: 259d52573bb4f97a4d9158d2d2f53b4ea6cee27efbc8e7ffe4962ae705eb36d220e19babee78b3737e3e5bc0ab99decfc6c977aa99faf4c1abc9e445eabb3e62
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Adds Run key to start application
Suspicious use of SetThreadContext