General
Target: quj5eQiH0pvKKhn.exe
Size: 395KB
Sample: 211019-qvrcasggcq
MD5: cd9893216c015b03a70d5ed52a7bd7f9
SHA1: f941ecb689ead0579ab3c6e4a103fe67a5fef0c0
SHA256: 4c606e776efff1f168bb35220f9704826dc425c8f578e61c5923a3586e9da063
SHA512: f69747f1810c9428bd0d120480f81945934cbbbdab5b5849c9835b6cfb9f61fa2ce258714f33067113339bff02ae433c92a95865eb3b389bba4ee106f8cf866d
Static task: static1
Behavioral task: behavioral1
  Sample: quj5eQiH0pvKKhn.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: quj5eQiH0pvKKhn.exe
  Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.upgcambodia.com
Port: 587
Username: [email protected]
Password: stock3168
Targets
Target: quj5eQiH0pvKKhn.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext