General

Target: 1GodZQSdFlq3u6C.exe
Size: 416KB
Sample: 211021-bdevlsafbl
MD5: 412321287fef0b7a10f378d6fc3f3ccd
SHA1: 99e67585c0374ee54dfb9ffffddf4945f73f1b4f
SHA256: 73a586d7ca79fec396b175728166d48322e002cf6b9b4b2aabda668378b38304
SHA512: 02c2e4fa8a06ca69f72d0a6855acf6d47d26512be15c3bf4633c2698b00e9c06ea277640a4c35e218d6540e8fb8d9706533512884522c12e7986a5dfd53976cd
Static task: static1
Behavioral task: behavioral1 (Sample: 1GodZQSdFlq3u6C.exe, Resource: win7-en-20210920)
Behavioral task: behavioral2 (Sample: 1GodZQSdFlq3u6C.exe, Resource: win10-en-20211014)
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.lahaciendamontericogrande.com.pe
Port: 587
Username: eduardo@lahaciendamontericogrande.com.pe
Password: e$$
Targets

Target: 1GodZQSdFlq3u6C.exe (416KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (originally VB.NET). The configuration extracted from this sample shows it exfiltrating over SMTP (port 587) through the listed mailbox, so the SMTP host and account above are the most useful network indicators; port 587 on its own is ordinary mail submission traffic and should not be alerted on without the host.

AgentTesla Payload
Drops file in Drivers directory
Accesses Microsoft Outlook profiles (stored mail client credentials are a standard Agent Tesla collection target)
Adds Run key to start application (persistence via a Software\Microsoft\Windows\CurrentVersion\Run value)
Suspicious use of SetThreadContext (together with a suspended child process this is the process-hollowing/RunPE pattern: the payload is written into the child and its thread context is rewritten to the injected entry point)
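The indicators in this report (file hashes, the extracted SMTP exfiltration host and port, and the Run-key persistence behaviour) are most useful when run over endpoint telemetry. The following is an added example, not part of the sandbox report or of any Triage tooling: it turns those indicators into three small rules and applies them to constructed Sysmon-style key=value events. The log lines, the hypothetical process IDs and the registry value name "Update" are invented for illustration; the hashes, host, port and username are the ones the report lists.

```python
"""Match indicators from the AgentTesla sandbox report against constructed
Sysmon-style events (added example; the log lines are invented, not real telemetry)."""
from collections import defaultdict

# Indicators taken from the report above.
SAMPLE_HASHES = {
    "md5": "412321287fef0b7a10f378d6fc3f3ccd",
    "sha1": "99e67585c0374ee54dfb9ffffddf4945f73f1b4f",
    "sha256": "73a586d7ca79fec396b175728166d48322e002cf6b9b4b2aabda668378b38304",
}
EXFIL_HOST = "mail.lahaciendamontericogrande.com.pe"   # extracted SMTP host
EXFIL_PORT = 587                                        # extracted SMTP port
EXFIL_USER = "eduardo@lahaciendamontericogrande.com.pe"  # extracted account (for reference)

# Constructed events in a simplified 'key=value' layout. Values contain no spaces,
# which a real Sysmon export does not guarantee; use an XML/JSON parser there.
# EventID 1 = process create, 3 = network connect, 13 = registry value set.
SAMPLE_LOG = """\
EventID=1 Image=C:\\Users\\bob\\Downloads\\1GodZQSdFlq3u6C.exe Hashes=SHA256=73A586D7CA79FEC396B175728166D48322E002CF6B9B4B2AABDA668378B38304 ProcessId=4120
EventID=3 Image=C:\\Users\\bob\\Downloads\\1GodZQSdFlq3u6C.exe DestinationHostname=mail.lahaciendamontericogrande.com.pe DestinationPort=587 ProcessId=4120
EventID=13 Image=C:\\Users\\bob\\Downloads\\1GodZQSdFlq3u6C.exe TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Update Details=C:\\Users\\bob\\AppData\\Roaming\\update.exe ProcessId=4120
EventID=3 Image=C:\\Office\\OUTLOOK.EXE DestinationHostname=smtp.office365.com DestinationPort=587 ProcessId=900
EventID=1 Image=C:\\Windows\\System32\\notepad.exe Hashes=SHA256=0000000000000000000000000000000000000000000000000000000000000000 ProcessId=5000
"""


def parse_event(line):
    """Split each whitespace-separated token on its first '=' into a dict.
    'Hashes=SHA256=...' therefore keeps 'SHA256=...' as the value."""
    event = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep:
            event[key] = value
    return event


def match_rules(event):
    """Return the names of the rules this single event satisfies."""
    hits = []
    eid = event.get("EventID")
    if eid == "1":
        # Any of the report's hashes in the Hashes field, case-insensitive.
        hashes = event.get("Hashes", "").lower()
        if any(h in hashes for h in SAMPLE_HASHES.values()):
            hits.append("hash_match")
    elif eid == "3":
        # Port 587 alone is normal mail submission; the extracted host is the indicator.
        if (event.get("DestinationHostname", "").lower() == EXFIL_HOST
                and event.get("DestinationPort") == str(EXFIL_PORT)):
            hits.append("exfil_smtp")
    elif eid == "13":
        # Corroborates the 'Adds Run key to start application' signature.
        if "\\currentversion\\run\\" in event.get("TargetObject", "").lower():
            hits.append("run_key")
    return hits


def triage(log_text):
    """Group rule hits by ProcessId: {pid: [rule, ...]} for every process with a hit."""
    by_pid = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        for rule in match_rules(event):
            by_pid[event.get("ProcessId", "?")].append(rule)
    return dict(by_pid)


if __name__ == "__main__":
    for pid, rules in triage(SAMPLE_LOG).items():
        print(f"ProcessId {pid}: {', '.join(rules)}")
```

Grouping by process matters here: the hash match alone identifies the dropped file, but the same PID also contacting the extracted SMTP host and writing a Run value reproduces three of the report's findings on one host, while the Outlook process talking to its own server on 587 and an unrelated process-create produce nothing.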