General
Target: CI&PL-AWB-HEL-21-324-1.zip
Size: 387KB
Sample: 211018-h5597seagk
MD5: e61588d0729ecc06f559537d258ffd91
SHA1: 7421bd486c14dd3df9f520f1e4224806e6c823d5
SHA256: 53acd70a0b9a9463116c92c3f0d43faca4ccf8d6922117936ca4f53de6398403
SHA512: 145d563ba528fe9d5b3f0e86efde4ecf62a8e64e2a696db022aa4af89caff34b8356a3e8fafdaae72481f260943b582be648dcb042d7d8d0d4906b4be2ff7122

Static task: static1
Behavioral task: behavioral1
Sample: CI&PL-AWB-HEL-21-324-1.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: CI&PL-AWB-HEL-21-324-1.exe
Resource: win10-en-20211014

Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.prinutrition.com
Port: 587
Username: [email protected]
Password: forrest

Targets
Target: CI&PL-AWB-HEL-21-324-1.exe
Size: 444KB
MD5: e8ae8fe8fa5d7c83e3ebe26389eae1f8
SHA1: 6fc0dd32bb26b5b85e4ae4b81a86bb80a1fd414b
SHA256: 92175af7571463e2114e8c8cd62de70ce9dd6757b67c77a051b0f6f2e52e30fe
SHA512: f31fc6d145078569b4932178c6f62bcff3f96da5aed2853a8eb5d5590ceb0c6d30fc6293ac4a75c4207f218dcbba8840035e5c0524d23ee98fed5b01450b5a42
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures
AgentTesla Payload
Drops file in Drivers directory
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext