General
Target: Order No. 286353,.zip
Size: 372KB
Sample: 211019-shetvahaal
MD5: b3e07b0802694c2ed28a28a96cb7635c
SHA1: 48a3fb1e27775929ffda5543b406257ae3952771
SHA256: 67bcd8b85406ff4a22839574c02879719a91e6e6f7e36c691bfa5b54dd6aa646
SHA512: 8196e8751acd50214e77ee47819194bf2fcd98328a7d1b97a4f5e7965bb04a0c433508ff2beece1812463133da24fa63106ba139e8e517715cfc57195a6e2baf
Static task: static1
Behavioral task: behavioral1
Sample: quj5eQiH0pvKKhn.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: quj5eQiH0pvKKhn.exe
Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.upgcambodia.com
Port: 587
Username: [email protected]
Password: stock3168
Targets
Target: quj5eQiH0pvKKhn.exe
Size: 395KB
MD5: cd9893216c015b03a70d5ed52a7bd7f9
SHA1: f941ecb689ead0579ab3c6e4a103fe67a5fef0c0
SHA256: 4c606e776efff1f168bb35220f9704826dc425c8f578e61c5923a3586e9da063
SHA512: f69747f1810c9428bd0d120480f81945934cbbbdab5b5849c9835b6cfb9f61fa2ce258714f33067113339bff02ae433c92a95865eb3b389bba4ee106f8cf866d
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext