General

Target: AWB 302-07379411-21.exe
Size: 724KB
Sample: 211024-np1bxadgh4
MD5: 7d160eccbfdf241886c85a0a18a40335
SHA1: 01e4291ff7cbc5353b1dbaeee5c97b3e188ff9c3
SHA256: 6973bba6867ecf5183846ae49c92c5e62a14c527608243e5fbbadca9c355f7d7
SHA512: e1af7f8b37e57f41f94a27b78cc0c94887405755d348bf677fe4dda7f15d834ac7cc10b408ef1697360701237a015e35aa1303b7b6cba31641e57c0d9b034b49
Static task: static1
Behavioral task: behavioral1 (sample AWB 302-07379411-21.exe, resource win7-en-20210920)
Behavioral task: behavioral2 (sample AWB 302-07379411-21.exe, resource win10-en-20211014)
Malware Config

Extracted family: agenttesla
Protocol: smtp
Host: mail.prinutrition.com
Port: 587
Username: forrest@prinutrition.com
Password: forrest

These SMTP settings are the stealer's exfiltration channel: harvested data is sent as mail through the host above on the submission port, authenticated as the listed account, so the host and especially the username are the network indicators to hunt for. The mailbox may be a third-party account the operator controls or has compromised; treat the credentials as indicators, not as something to log in with.
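As an added example, not part of the sandbox report, the following Python turns the indicators above (the file hashes under General and the SMTP exfiltration settings) into a small matcher and runs it over constructed JSON-lines events. The event schema (type, host, query, server, dst_port, mail_from, auth_user and the hash fields) and the sample events are assumptions made for this example, not any vendor's log format or real telemetry; map the field names to your own EDR, DNS and mail-gateway logs.

```python
import json
from typing import Iterable

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "7d160eccbfdf241886c85a0a18a40335",
    "sha1": "01e4291ff7cbc5353b1dbaeee5c97b3e188ff9c3",
    "sha256": "6973bba6867ecf5183846ae49c92c5e62a14c527608243e5fbbadca9c355f7d7",
}
EXFIL_HOST = "mail.prinutrition.com"
EXFIL_PORT = 587
EXFIL_USER = "forrest@prinutrition.com"


def _field(ev: dict, key: str) -> str:
    """Fetch a field as a lower-cased string, tolerating missing or null values."""
    return str(ev.get(key) or "").lower()


def match_event(ev: dict) -> list[tuple[str, str]]:
    """Return (confidence, reason) pairs for one event; an empty list means no match."""
    hits: list[tuple[str, str]] = []
    kind = _field(ev, "type")

    if kind == "file":
        # Any one of the report's digests identifies the dropped or executed sample.
        for alg, value in SAMPLE_HASHES.items():
            if _field(ev, alg) == value:
                hits.append(("high", f"{alg} matches the AgentTesla sample"))

    elif kind == "dns":
        # The mailbox lives on a third-party mail server that may also carry
        # legitimate traffic, so resolving the host alone is only medium confidence.
        if _field(ev, "query").rstrip(".") == EXFIL_HOST:
            hits.append(("medium", "DNS lookup of AgentTesla SMTP exfil host"))

    elif kind == "smtp":
        if EXFIL_USER in (_field(ev, "mail_from"), _field(ev, "auth_user")):
            # The exfil mailbox identity is the sharpest network indicator.
            hits.append(("high", "SMTP session uses the AgentTesla exfil mailbox"))
        elif _field(ev, "server") == EXFIL_HOST and _field(ev, "dst_port") == str(EXFIL_PORT):
            hits.append(("medium", "submission (587) session to AgentTesla exfil host"))

    return hits


def scan(lines: Iterable[str]) -> list[dict]:
    """Parse JSON-lines events and return only those with at least one hit."""
    findings = []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line: skip it rather than abort the whole scan
        hits = match_event(ev)
        if hits:
            findings.append({"line": n, "host": ev.get("host"), "hits": hits})
    return findings


# Constructed sample events for the example (not real telemetry).
SAMPLE_LOG = """
{"type": "file", "host": "ws-017", "path": "C:\\\\Users\\\\a\\\\Downloads\\\\AWB 302-07379411-21.exe", "sha256": "6973bba6867ecf5183846ae49c92c5e62a14c527608243e5fbbadca9c355f7d7"}
{"type": "dns", "host": "ws-017", "query": "mail.prinutrition.com"}
{"type": "smtp", "host": "ws-017", "server": "mail.prinutrition.com", "dst_port": 587, "auth_user": "forrest@prinutrition.com", "mail_from": "forrest@prinutrition.com"}
{"type": "smtp", "host": "ws-042", "server": "smtp.office365.com", "dst_port": 587, "auth_user": "alice@example.com", "mail_from": "alice@example.com"}
{"type": "file", "host": "ws-042", "path": "C:\\\\Windows\\\\notepad.exe", "sha256": "0000000000000000000000000000000000000000000000000000000000000000"}
not json at all
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        for confidence, reason in finding["hits"]:
            print(f"line {finding['line']} {finding['host']}: [{confidence}] {reason}")
```

The two confidence tiers are deliberate: a hash hit or a session authenticating as the exfil mailbox is worth escalating on its own, while a bare DNS lookup of, or port 587 connection to, the mail host can be legitimate traffic from anyone who corresponds with that domain and should be correlated with the other events from the same host.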
Targets

Target: AWB 302-07379411-21.exe
Size: 724KB
MD5, SHA1, SHA256, SHA512: as listed under General above (single target, identical hashes)
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer written in Visual Basic .NET. It harvests credentials and keystrokes and reports them over channels such as SMTP, which matches the configuration extracted above.

Signatures triggered by this sample:
- AgentTesla Payload: the unpacked payload matched the AgentTesla family signature.
- Drops file in Drivers directory: a file was written under the system drivers directory (System32\drivers).
- Accesses Microsoft Outlook profiles: reads Outlook profile data, consistent with mail-client credential theft.
- Suspicious use of SetThreadContext: the thread context of another process was rewritten, the call pattern seen in process hollowing, where a suspended child's entry point is redirected to injected code.