General
-
Target
pymt Advice 121.zip
-
Size
406KB
-
Sample
211021-hjkrdahhh3
-
MD5
8940446d6789d980d40cb3bef541bf9d
-
SHA1
df622c62d34f2ae81e537bee81117dc31274a532
-
SHA256
8be3d9fb5ce2c1c187244380cd93ae8282b3e1b9c8f2dfc00a935c078bf464e3
-
SHA512
2ae7ba68ac9b33795f58272578b1e6250a9daf600fbd8f3d7a09748978b43983764cce779ed7b61cc7575b1b88d64aa80dbfa3ad67c6284c9c254c25f03abe80
Static task
static1
Behavioral task
behavioral1
Sample
PqtuwQbAQoqcY27.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
PqtuwQbAQoqcY27.exe
Resource
win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.upgcambodia.com - Port:
587 - Username:
stock@upgcambodia.com - Password:
stock3168
Targets
-
-
Target
PqtuwQbAQoqcY27.exe
-
Size
468KB
-
MD5
b77e4a6f2c6abab6cf1dc6d4ab5dac2a
-
SHA1
a9c585aac523a7d643b5fbf5c6e722123a5f9dde
-
SHA256
bc83ce6a585ef0217f5088832b31be76b70a4e3b2c6e8212995c64cf71b7ded4
-
SHA512
331977a56172144cf6c8d21ec091a3b913c7815242433335651a5d1c99c4b11a484246fc5b5fd05c89fdc54b64a8731f136c3698c646d1b8b9b753da3388bdc0
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-