General

Target: ap48HeATQYHcrwN.exe
Size: 437KB
Sample: 211020-l9nshaghc7
MD5: 9b22dc57a731a0a502a43597b27128bf
SHA1: a04e5092ceeb4cef232ca35eb7b1bb10b39ed8d0
SHA256: 186105dca5f36d5109a075a9b4a9eac5114e34377cacc519dcd6f5cf0541c9f3
SHA512: e94f3866385ceeaeebfc401d154fc81dfa6f10475df98eee2888269cbc58b7a1560231cf76552239902efbb20de89a9199763595dd95e41b4e58ab60694e09fb
Static task: static1

Behavioral task: behavioral1
Sample: ap48HeATQYHcrwN.exe
Resource: win7-en-20210920

Behavioral task: behavioral2
Sample: ap48HeATQYHcrwN.exe
Resource: win10-en-20211014
Malware Config

Extracted: agenttesla
- Protocol: smtp
- Host: mail.priserveinfra.com
- Port: 587
- Username: [email protected]
- Password: oppipl121019
Targets

Target: ap48HeATQYHcrwN.exe
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Signatures:
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext