General
Target: 1.ppam
Size: 11KB
Sample: 211018-lhmq5aecar
MD5: e5a35f8c565ddea415804d4b05244e28
SHA1: 47d030e20b324c3706d652b2a562a61547e14fbd
SHA256: 22da4275847d5be9f1d21df99c3f51be09d31be7942940732d311b030c62eeb0
SHA512: 022d032f791e30e19a4c82a4e17cacaf238618c0f635bb94e747d7769093da575b2577fe95174d7b747b29909232d69df1a7135d9e3db640de947ce9dc21ffdf
Static task: static1
Behavioral task: behavioral1 (Sample: 1.ppam, Resource: win7-en-20211014)
Behavioral task: behavioral2 (Sample: 1.ppam, Resource: win10-en-20210920)
Malware Config
Targets
Target: 1.ppam
Size: 11KB
MD5: e5a35f8c565ddea415804d4b05244e28
SHA1: 47d030e20b324c3706d652b2a562a61547e14fbd
SHA256: 22da4275847d5be9f1d21df99c3f51be09d31be7942940732d311b030c62eeb0
SHA512: 022d032f791e30e19a4c82a4e17cacaf238618c0f635bb94e747d7769093da575b2577fe95174d7b747b29909232d69df1a7135d9e3db640de947ce9dc21ffdf
- AgentTesla: Agent Tesla is a .NET-based information stealer and remote access tool (RAT).
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or a macro. The sample is a PowerPoint add-in (.ppam), so the parent of interest is the Office process that loaded it.
- AgentTesla Payload
- Blocklisted process makes network request
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles (stored mail credentials are a typical stealer target)
- Adds Run key to start application (persistence)
- Suspicious use of SetThreadContext (commonly seen in process hollowing and other code-injection techniques)
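The behavioural signatures above (an Office parent spawning an unexpected child process, and a Run key being added for persistence) are the kind a SOC would re-implement over its own endpoint telemetry. The following is an added example, not part of this report and not the sandbox's own signature code: it runs those two checks over constructed Sysmon-style events (Event ID 1 process creation, Event ID 13 registry value set). The POWERPNT.EXE parent, the child process names, the Run key path and the payload name are assumptions chosen for illustration, not observations from this sample.

```python
"""Two behavioural checks over constructed Sysmon-style events.

Added example: the event dictionaries mimic Sysmon Event ID 1 (process create)
and Event ID 13 (registry value set), reduced to the fields the checks need.
Every value below is constructed for illustration.
"""
import re

# Office parents that should not normally spawn script hosts or shells.
# POWERPNT.EXE is assumed because the analysed sample is a PowerPoint add-in.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe", "msbuild.exe"}

# Matches HKCU/HKU/HKLM ...\Microsoft\Windows\CurrentVersion\Run and RunOnce.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)


def basename(path):
    """Lower-cased final path component, tolerating either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def office_spawned_child(events):
    """Return (parent, child, cmdline) for Office processes spawning a shell/script host."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 1:
            continue
        parent = basename(ev["ParentImage"])
        child = basename(ev["Image"])
        if parent in OFFICE_PARENTS and child in SUSPICIOUS_CHILDREN:
            hits.append((parent, child, ev["CommandLine"]))
    return hits


def run_key_additions(events):
    """Return (writing process, value name, data) for writes under a Run/RunOnce key."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        target = ev["TargetObject"]
        if RUN_KEY_RE.search(target):
            hits.append((basename(ev["Image"]), target.rsplit("\\", 1)[-1], ev["Details"]))
    return hits


# Constructed sample events (not from this report's sandbox run).
SAMPLE_EVENTS = [
    {"EventID": 1,
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c powershell -w hidden -c "Start-Process payload.exe"'},
    {"EventID": 1,                      # benign: a shell started from Explorer
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe"},
    {"EventID": 13,                     # persistence via a per-user Run value
     "Image": r"C:\Users\user\AppData\Roaming\payload.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\payload",
     "Details": r"C:\Users\user\AppData\Roaming\payload.exe"},
    {"EventID": 13,                     # benign: a service start-type change
     "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\Foo\Start",
     "Details": "DWORD (0x00000002)"},
]


def triage(events):
    """Run both checks and return the findings keyed by signature name."""
    return {"office_child": office_spawned_child(events),
            "run_key": run_key_additions(events)}


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_EVENTS).items():
        print(name, hits)
```

Both checks match on process image names only, which is intentionally loose: a real deployment would also want the full command line of the child (encoded PowerShell, hidden windows) and the signer of the binary written to the Run value before raising an alert.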