General
Target: HLG 21665-PSI-October -2021.zip
Size: 455KB
Sample: 211019-byb98agaen
MD5: ffc74c2bae804987e6f31db45406c99b
SHA1: 3aad70320ae662227d62269abf1d55f4d38e2f8b
SHA256: d2a3560a21206f97042705f8716f3b4e05088eaa202c601016d772b6afa73b79
SHA512: 50fd648288b105662ced88b0e0cd5a873931b8a816c36d0401d7fd13497265c18ff6f4cbd6a8530c2f2b5aa9c46f29dda2b1cf17b696f7483a0ef7da56d0c0b5
Static task: static1
Behavioral task: behavioral1
Sample: HLG 21665-PSI-October -2021,PDF.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: HLG 21665-PSI-October -2021,PDF.exe
Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: transportescascao.com
Port: 587
Username: [email protected]
Password: CasMan123*
Targets
Target: HLG 21665-PSI-October -2021,PDF.exe
Size: 546KB
MD5: b61ee97598d4a4800372f1377b428668
SHA1: 4829f88c43ad29c5b2fc4d8ed7473ec1a459d5fd
SHA256: a7c4c408c51d3a96529c48115fa084c2c49bc9dbf0c9a4067c7cb35753852e43
SHA512: 92d19d527d7f7a7541e8c3093582a870082823ce697209a9a5c574c28c93f6cf95f30d4100958ad477176111bbb81566e440e0a19158e5ef7965de9013c1e126
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext