General
-
Target
TA9015--AA-TA9015-000786-AA-TA9015--AA-TA9015.exe
-
Size
16KB
-
Sample
211020-s6dxfsabdp
-
MD5
dcfe19f5a28fceb847078bd83baab527
-
SHA1
6b62e6c64b1c6683c6c2a2ae6b999e7b11e2fc48
-
SHA256
5e39ec87eb191e2c82689da4b6b3efe68a33601f1c14def81004d66893d582df
-
SHA512
3962921fb287df7141f57aafc16fce34703d3dd881b1e844781fdced31abee756f58f44a251aa461536f391fe8f951cc6f7f69ddd86a11fc015eef9283c07d51
Static task
static1
Behavioral task
behavioral1
Sample
TA9015--AA-TA9015-000786-AA-TA9015--AA-TA9015.exe
Resource
win7-en-20211014
Malware Config
Extracted
asyncrat
0.5.7B
Default
ntlplaast11.duckdns.org:6606
ntlplaast11.duckdns.org:7707
ntlplaast11.duckdns.org:8808
AsyncMutex_6SI8OkPnk
-
anti_vm
false
-
bsod
false
-
delay
3
-
install
false
-
install_folder
%AppData%
-
pastebin_config
null
Extracted
agenttesla
Protocol: smtp
Host: mail.kemalpasaosgb.com.tr
Port: 587
Username: bilgi@kemalpasaosgb.com.tr
Password: 12101996
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Async RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-