General
Target: aggah.ps1
Size: 759KB
Sample: 211019-vf7g7ahbcm
MD5: 3437960e7b594bb64c41beb01415ce4f
SHA1: 68c6e4938eb4879e8ee08d808dc6d328d2664ad1
SHA256: bb235e99c7447f3782eff5edf2a2ed83e66246743e098f12269def2812f53ea5
SHA512: 1ef17671b3eaf6d4b9c063880f2d7c84b8b82100298127b508e51e54f10839e19f47077a8545b41b7199f3202990522ac198a7b561316ee1a8d527349eae52c8
Static task: static1
Behavioral task: behavioral1 (sample aggah.ps1, resource win7-en-20210920)
Behavioral task: behavioral2 (sample aggah.ps1, resource win10-en-20211014)
Malware Config
Extracted family: agenttesla
URL from the extracted config (the HTTP endpoint the payload is configured to report to): http://103.125.190.248/j/p13n/mawa/b04042b22b2b6179257d.php
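As an added example (not part of the sandbox report and not tooling from the sandbox vendor), the following Python script turns the indicators above into two checks an analyst would actually run: it hashes a local file with all four algorithms in one pass and compares against the report's hashes for aggah.ps1, and it scans proxy log lines for the URL extracted from the sample's AgentTesla config, separating exact URL hits from weaker host-only contacts. The hash values and the URL are copied from this report; the proxy log lines, log format and client addresses are constructed for the example.

```python
"""Added example, not part of the sandbox report: check a local file against the
hashes the report lists for aggah.ps1, and scan proxy log lines for the URL that
was extracted from the sample's AgentTesla config."""
import hashlib
import io
import sys
from urllib.parse import urlsplit

# Indicators copied from the report. Keys are hashlib algorithm names.
REPORT_HASHES = {
    "md5": "3437960e7b594bb64c41beb01415ce4f",
    "sha1": "68c6e4938eb4879e8ee08d808dc6d328d2664ad1",
    "sha256": "bb235e99c7447f3782eff5edf2a2ed83e66246743e098f12269def2812f53ea5",
    "sha512": "1ef17671b3eaf6d4b9c063880f2d7c84b8b82100298127b508e51e54f10839e19f47077a8545b41b7199f3202990522ac198a7b561316ee1a8d527349eae52c8",
}
CONFIG_URL = "http://103.125.190.248/j/p13n/mawa/b04042b22b2b6179257d.php"


def digest_stream(fh, chunk_size=1 << 20):
    """Compute all four digests in one pass over a binary stream, so a sample of
    any size is read once and never held in memory whole."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    return digest_stream(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as fh:
        return digest_stream(fh)


def matches_report(digests, expected=REPORT_HASHES):
    """True only if every listed algorithm agrees. A single mismatch means either a
    different file or a mistyped indicator, and both deserve a look rather than a
    'partial match'."""
    return all(digests[name] == expected[name].lower() for name in expected)


# Constructed proxy log lines for the example (not taken from the report).
# Format: client_ip dest_host method url status
SAMPLE_PROXY_LOG = """\
10.0.0.12 103.125.190.248 POST http://103.125.190.248/j/p13n/mawa/b04042b22b2b6179257d.php 200
10.0.0.12 www.example.com GET http://www.example.com/ 200
10.0.0.23 103.125.190.248 GET http://103.125.190.248/j/p13n/mawa/other.php 404
10.0.0.31 cdn.example.net GET http://cdn.example.net/lib.js 200
"""


def find_hits(log_text, url=CONFIG_URL):
    """Return clients that requested the extracted URL exactly ('exact') and clients
    that only contacted its host ('host_only'). Host-only hits are weaker evidence:
    the panel host may serve other paths, and the same IP may host unrelated sites."""
    host = urlsplit(url).hostname
    exact, host_only = [], []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed or truncated line; skip rather than guess
        client, req_url = parts[0], parts[3]
        if req_url == url:
            exact.append(client)
        elif urlsplit(req_url).hostname == host:
            host_only.append(client)
    return {"exact": exact, "host_only": host_only}


if __name__ == "__main__":
    print("proxy hits:", find_hits(SAMPLE_PROXY_LOG))
    for path in sys.argv[1:]:
        digests = hash_file(path)
        verdict = "matches report" if matches_report(digests) else "no match"
        print(path, verdict, digests["sha256"])
```

Run it with one or more file paths to compare them against the report's hashes; with no arguments it only scans the constructed log. Requiring all four digests to agree is deliberate: a file that matches on MD5 but not SHA256 points to a copy error in the indicator list, not to a near-match worth acting on.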
Targets
Target: aggah.ps1 (759KB; MD5, SHA1, SHA256 and SHA512 identical to those listed under General)
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET.
Signatures triggered by this sample:
- AgentTesla Payload: the unpacked payload matched the Agent Tesla family rule, which is where the config above was extracted from.
- Drops file in Drivers directory: a file was written under the Windows drivers directory (System32\drivers); check the behavioral task's file events for the exact path before treating it as a persistence indicator.
- Accesses Microsoft Outlook profiles: the process read the Outlook profile registry keys, consistent with the family's mail-credential theft.
- Suspicious use of SetThreadContext: SetThreadContext was called on a thread of another process, the API pattern used for process hollowing (write the payload into a suspended process, redirect its thread, resume), so the AgentTesla payload likely ran inside a legitimate host process rather than in powershell.exe itself.