General
Target: Frf2b7tUOkywkj5.exe
Size: 502KB
Sample: 211021-n71qdsacb9
MD5: 344335ddee3673ca4ab2eec0e372292e
SHA1: b7ffa01031bb88a86e470a093b43583dbf91e53c
SHA256: e8c58f0c957d324b580758d326ac89fef7e2798e7340873383954c4a1420e9d0
SHA512: b831f6af33ec946f7be01bd212c8ae604c10ab92ecf923ae44cfc0738548c0b3009186af7f6f03337a0e4ecbd815537435a3864107a5c074cf8daef4492a0f03
Static task: static1
Behavioral task: behavioral1 (sample Frf2b7tUOkywkj5.exe, resource win7-en-20210920)
Behavioral task: behavioral2 (sample Frf2b7tUOkywkj5.exe, resource win10-en-20211014)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.priserveinfra.com
Port: 587
Username: operations@priserveinfra.com
Password: oppipl121019
These are the SMTP credentials embedded in the sample for mailing stolen data out of the victim machine. Treat the host and the account as indicators (and the mailbox as compromised); do not authenticate to it yourself, and report it to the mail provider or account owner.
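The extracted SMTP channel is the most actionable indicator on this page, because an Agent Tesla build talks to it from every infected host. The following is an added example, not part of the sandbox report, showing how to hunt for that channel in outbound connection logs. The log format ("timestamp src -> dst:port proto detail") and the log lines themselves are constructed for the example; the host, port, username and SHA256 are the values from the report above.

```python
"""Hunt outbound connection logs for the Agent Tesla SMTP exfil channel from this report."""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional

# Indicators copied from the extracted config and hashes in the report above.
EXFIL_HOST = "mail.priserveinfra.com"
EXFIL_PORT = 587
EXFIL_USER = "operations@priserveinfra.com"
SAMPLE_SHA256 = "e8c58f0c957d324b580758d326ac89fef7e2798e7340873383954c4a1420e9d0"

# Constructed log lines in a hypothetical "ts src -> dst:port proto detail" format.
# Not real telemetry: only 10.0.5.23 talks to the exfil server; 10.0.5.40 is a
# legitimate Office 365 submission on the same port and must not be flagged.
SAMPLE_LOG = """\
2021-10-21T13:02:11Z 10.0.5.23 -> 203.0.113.10:587 smtp EHLO WIN7-PC
2021-10-21T13:02:12Z 10.0.5.23 -> mail.priserveinfra.com:587 smtp AUTH LOGIN operations@priserveinfra.com
2021-10-21T13:03:40Z 10.0.5.40 -> smtp.office365.com:587 smtp AUTH LOGIN alice@example.com
2021-10-21T13:05:02Z 10.0.5.23 -> MAIL.priserveinfra.com:587 smtp DATA 24107 bytes
2021-10-21T13:06:00Z 10.0.5.77 -> 198.51.100.5:443 https GET /
"""

LINE_RE = re.compile(r"^(\S+) (\S+) -> ([^:\s]+):(\d+) (\S+) ?(.*)$")


@dataclass
class Hit:
    ts: str
    src: str
    dst: str
    port: int
    reason: str  # "host+user": credential seen in use; "host" / "user": partial match


def classify(dst: str, port: int, detail: str) -> Optional[str]:
    """Return why an event matches the report's exfil channel, or None.

    Host comparison is case-insensitive and deliberately not tied to the port:
    the same server reachable on 25 or 465 is still the attacker's mailbox.
    """
    host_match = dst.lower() == EXFIL_HOST
    user_match = EXFIL_USER in detail.lower()
    if host_match and user_match:
        return "host+user"
    if host_match:
        return "host"
    if user_match:
        return "user"
    return None


def hunt(log_text: str) -> List[Hit]:
    """Parse each log line and keep those touching the exfil host or account."""
    hits: List[Hit] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unknown format: skip the line instead of aborting the hunt
        ts, src, dst, port, _proto, detail = m.groups()
        reason = classify(dst, int(port), detail)
        if reason:
            hits.append(Hit(ts, src, dst, int(port), reason))
    return hits


def sha256_matches(data: bytes) -> bool:
    """True if `data` is byte-for-byte the sample analysed in this report."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(f"{hit.ts} {hit.src} -> {hit.dst}:{hit.port} [{hit.reason}]")
```

Matching on the destination host rather than on port 587 alone is the point: submission on 587 is normal for any mail client, so a port-only rule drowns in false positives, while the attacker's mailbox host and username are specific to this build. Every source IP returned by `hunt` is a host that should be triaged for the persistence and injection behaviour listed in the signatures below.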
Targets
Target: Frf2b7tUOkywkj5.exe (size and hashes as listed under General above)
AgentTesla
Agent Tesla is a .NET (Visual Basic .NET) information stealer and remote access tool (RAT). It harvests saved credentials from browsers and mail clients, logs keystrokes, and exfiltrates the data over SMTP, FTP, HTTP or Telegram; this sample uses the SMTP account shown under Malware Config.
- AgentTesla Payload: the Agent Tesla family was identified and its configuration extracted from the sample.
- Drops file in Drivers directory: a file was written under the Windows drivers directory, a location user-mode applications rarely touch.
- Accesses Microsoft Outlook profiles: Outlook profile data (stored in the registry) was read, consistent with mail-credential theft.
- Adds Run key to start application: a value was added under a Run registry key so the payload is relaunched at logon (persistence).
- Suspicious use of SetThreadContext: a thread context was rewritten in another process, the hallmark of process hollowing (RunPE) style injection used to run the payload inside a legitimate process.