General
- Target: Order no. A2100032-Promax.exe
- Size: 412KB
- Sample: 211020-jepefahfhl
- MD5: f162e0d322d316e0c5e6fe6fa189f8b2
- SHA1: 199d2d3add48fddae25738aac7f3e53a82285867
- SHA256: a6611b4911ed4f0160e500181c690ff5df4f2f5bb4c14a95c34206acdcf2a304
- SHA512: 8108e54ee5fb63ac5aad231e3335cf32545dbecad70c75b2f0fb8a1cbbfc218007da5e72bf1bcb13fdc791acef7ba3a9e1368c6eec034b859e058e2fc4cd39a7
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Order no. A2100032-Promax.exe
  - Resource: win7-en-20211014
Behavioral task
- behavioral2
  - Sample: Order no. A2100032-Promax.exe
  - Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.privateemail.com
- Port: 587
- Username: [email protected]
- Password: @UncleJasper1234
Targets
- Target: Order no. A2100032-Promax.exe
- Size: 412KB
- MD5: f162e0d322d316e0c5e6fe6fa189f8b2
- SHA1: 199d2d3add48fddae25738aac7f3e53a82285867
- SHA256: a6611b4911ed4f0160e500181c690ff5df4f2f5bb4c14a95c34206acdcf2a304
- SHA512: 8108e54ee5fb63ac5aad231e3335cf32545dbecad70c75b2f0fb8a1cbbfc218007da5e72bf1bcb13fdc791acef7ba3a9e1368c6eec034b859e058e2fc4cd39a7
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext