General
Target: money $.exe
Size: 442KB
Sample: 211018-eegx5sdaf6
MD5: ab7585441ef37e3becc9e16291c9a183
SHA1: 6d734d333844615524faad5ff0c5c197998e0e95
SHA256: 603f8bb918cf97d86b4e20c72ebd9138160475c24e7633b5cc4f7c7739b0203d
SHA512: 4ea5f4edb9a37938bd532e6648a372dd0a2b237e663661e7dbcf9b889aa04e9ec6eecd8f03aaf71d77990013a8780b930192e02e5a9394b56cb326451ff0d769
Static task: static1
Behavioral task: behavioral1 (Sample: money $.exe; Resource: win7-en-20210920)
Behavioral task: behavioral2 (Sample: money $.exe; Resource: win10-en-20211014)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.upgcambodia.com
Port: 587
Username: [email protected]
Password: stock3168
This is the sample's exfiltration channel: Agent Tesla logs into the configured mailbox over SMTP submission (port 587) with these credentials and mails the harvested data out, so the host, port and account are the actionable network indicators. The mailbox belongs to the operator (or is a compromised third-party account), not to the victim.
Targets
Target: money $.exe
Size: 442KB
MD5: ab7585441ef37e3becc9e16291c9a183
SHA1: 6d734d333844615524faad5ff0c5c197998e0e95
SHA256: 603f8bb918cf97d86b4e20c72ebd9138160475c24e7633b5cc4f7c7739b0203d
SHA512: 4ea5f4edb9a37938bd532e6648a372dd0a2b237e663661e7dbcf9b889aa04e9ec6eecd8f03aaf71d77990013a8780b930192e02e5a9394b56cb326451ff0d769
AgentTesla
Agent Tesla is a .NET-based information stealer with remote access (RAT) features; its builds are typically written in VB.NET, and it exfiltrates harvested credentials, keystrokes and screenshots over channels such as SMTP, which matches the extracted config above.
Signatures (behavioral1 / behavioral2):
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles (credential harvesting from the mail client's stored profile data, consistent with the stealer role)
- Adds Run key to start application (persistence via HKCU\Software\Microsoft\Windows\CurrentVersion\Run or the HKLM equivalent)
- Suspicious use of SetThreadContext (commonly seen when a loader injects the decrypted payload into a suspended process, i.e. process hollowing; the in-memory payload is what the "AgentTesla Payload" signature identifies)
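The following is an added example of how an analyst would turn this report's indicators (the file hashes and the SMTP exfiltration host/port from the Malware Config) and its behavioural signatures (Run-key persistence, writes under the drivers directory) into a small triage sweep. It is not part of the sandbox report and not the sandbox's own code; the telemetry records and their field names are constructed for the example and do not follow any vendor's log format, and the allow-list of legitimate mail clients is an assumption.

```python
"""Added IOC/behaviour sweep for the AgentTesla report above (example code, not the report's)."""
import hashlib
import re

# Indicators copied from the sandbox report.
IOC_HASHES = {
    "md5": "ab7585441ef37e3becc9e16291c9a183",
    "sha1": "6d734d333844615524faad5ff0c5c197998e0e95",
    "sha256": "603f8bb918cf97d86b4e20c72ebd9138160475c24e7633b5cc4f7c7739b0203d",
}
EXFIL_HOST = "mail.upgcambodia.com"   # from the extracted config
EXFIL_PORT = 587                      # SMTP submission port from the extracted config

# Processes that legitimately speak SMTP submission (assumption for this example).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Behaviour rules matching the report's "Adds Run key" and "Drops file in Drivers directory".
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
DRIVERS_DIR_RE = re.compile(r"\\System32\\drivers\\", re.IGNORECASE)

# Constructed telemetry records (hypothetical EDR-style fields, not a real log format).
SAMPLE_EVENTS = [
    {"kind": "netconn", "pid": 4120, "image": "C:\\Users\\bob\\Downloads\\money $.exe",
     "dst": "mail.upgcambodia.com", "dport": 587},
    {"kind": "netconn", "pid": 5532, "image": "C:\\Program Files\\Microsoft Office\\OUTLOOK.EXE",
     "dst": "smtp.office365.com", "dport": 587},
    {"kind": "netconn", "pid": 4120, "image": "C:\\Users\\bob\\Downloads\\money $.exe",
     "dst": "203.0.113.10", "dport": 587},   # constructed second SMTP server
    {"kind": "regset", "pid": 4120,
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "money"},
    {"kind": "filewrite", "pid": 4120, "path": "C:\\Windows\\System32\\drivers\\etc\\hosts"},
    {"kind": "filewrite", "pid": 900, "path": "C:\\Windows\\Temp\\log.txt"},
]


def digests_of(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a file's bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def match_hashes(digests: dict) -> set:
    """Names of the digest algorithms under which the input equals the report's sample."""
    return {name for name, value in digests.items()
            if IOC_HASHES.get(name) == value.lower()}


def scan_events(events: list) -> list:
    """Apply IOC and behaviour rules to telemetry; returns (severity, rule, pid) tuples in order."""
    findings = []
    for ev in events:
        kind, pid = ev.get("kind"), ev.get("pid")
        image = ev.get("image", "").rsplit("\\", 1)[-1].lower()
        if kind == "netconn":
            # Exact match on the extracted exfil server is a high-confidence hit.
            if ev.get("dst", "").lower() == EXFIL_HOST and ev.get("dport") == EXFIL_PORT:
                findings.append(("high", "agenttesla_smtp_exfil_ioc", pid))
            # SMTP submission from anything that is not a mail client is the behavioural
            # generalisation: a rebuilt sample with a new mailbox still trips this.
            elif ev.get("dport") == EXFIL_PORT and image not in MAIL_CLIENTS:
                findings.append(("medium", "smtp_submission_from_non_mail_client", pid))
        elif kind == "regset" and RUN_KEY_RE.search(ev.get("key", "")):
            findings.append(("medium", "run_key_persistence", pid))
        elif kind == "filewrite" and DRIVERS_DIR_RE.search(ev.get("path", "")):
            findings.append(("low", "file_dropped_in_drivers_dir", pid))
    return findings


if __name__ == "__main__":
    for severity, rule, pid in scan_events(SAMPLE_EVENTS):
        print(f"{severity:6} pid={pid} {rule}")
```

Hash matching only catches this exact build, so the network and behaviour rules carry the real value: the medium-severity SMTP rule fires on the constructed second server as well as on the configured one, which is what you want against a re-packed sample with fresh credentials.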