General
Target: PICTURE DRAWING DESIGN.exe
Size: 986KB
Sample: 211130-jxpsxshec2
MD5: bbc6caf6cfe3428798205216c2df85e1
SHA1: ac68d4c0eb019bb5586057d2deb2174af18ad45a
SHA256: eb869a427757689033110327cdcfbe5d406a47f60b3529b8903b0d00c1deb6e3
SHA512: 51dfda000e6dbb2f142c09e129b6fd87884ef3b642d289d69e2ceeee57d95386f22372bfb18038225d7bf37d5521776d7f072a2af174e1cfeb27d1df2565707b
Static task: static1
Behavioral task: behavioral1
  Sample: PICTURE DRAWING DESIGN.exe
  Resource: win7-en-20211104
Behavioral task: behavioral2
  Sample: PICTURE DRAWING DESIGN.exe
  Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.schoolofspanish.co.za
Port: 587
Username: vds@schoolofspanish.co.za
Password: %pJ@=BsZ?pQv
Targets
Target: PICTURE DRAWING DESIGN.exe (986KB; hashes as listed under General)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext