General
Target: DOCUMENT.exe
Size: 488KB
Sample: 211201-rn2ecschaq
MD5: 6812d384da2903359c89789715573971
SHA1: ecf388668fad2da58eb805383052cf4edece649d
SHA256: 925c73a3df8d17a05c817d9b19d8dafeeaf208f23de3f8087107372d529076ab
SHA512: 16c8c092e788829a54bb824bb2ab223056e38fef240c734bdf225a893b69104cc4506014ca2d5040b1f11567ce908ca65398f3efeb344047535ddb93741e2a52

Static task: static1
Behavioral task: behavioral1
  Sample: DOCUMENT.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: DOCUMENT.exe
  Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.scsgroups.com
Port: 587
Username: [email protected]
Password: Scs@looi1007
Targets
Target: DOCUMENT.exe
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), with builds typically written in Visual Basic .NET or C#. It harvests credentials from browsers and mail clients and sends them out of band; the configuration extracted from this sample exfiltrates over SMTP to the mail server listed above.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles (reads the Outlook profile registry keys where stored mail account credentials live)
- Adds Run key to start application (persistence through a CurrentVersion\Run value so the payload restarts at logon)
- Suspicious use of SetThreadContext (consistent with process hollowing, where the decrypted payload is written into a suspended process and its entry point redirected before the thread resumes)
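As an added example (not part of the sandbox report or the Agent Tesla code base), the following Python script turns the indicators on this page into two checks a responder would run: verifying a suspect file against the four reported digests, and hunting for exfiltration to the extracted SMTP server by correlating DNS answers for mail.scsgroups.com with outbound connections on port 587. The log formats (a `query=`/`answer=` DNS line and a `src=`/`dst=`/`dport=` connection line), the sample log lines and the resolved IP 203.0.113.10 are constructed for the example; the digests, host and port are copied from the report.

```python
"""IOC checks built from the AgentTesla sandbox report: digest verification and
SMTP-exfiltration hunting. Added example, not code from the report or the malware."""
import hashlib
import re
from typing import Dict, Iterable, List, Set

# Digests of DOCUMENT.exe as listed in the report.
REPORTED_HASHES = {
    "md5": "6812d384da2903359c89789715573971",
    "sha1": "ecf388668fad2da58eb805383052cf4edece649d",
    "sha256": "925c73a3df8d17a05c817d9b19d8dafeeaf208f23de3f8087107372d529076ab",
    "sha512": "16c8c092e788829a54bb824bb2ab223056e38fef240c734bdf225a893b69104cc"
              "4506014ca2d5040b1f11567ce908ca65398f3efeb344047535ddb93741e2a52",
}

# Exfiltration endpoint from the extracted malware config.
EXFIL_HOST = "mail.scsgroups.com"
EXFIL_PORT = 587


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the same four digests the report lists, over a file's contents."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED_HASHES}


def hash_file(path: str) -> Dict[str, str]:
    with open(path, "rb") as f:
        return hash_bytes(f.read())


def matching_algorithms(hashes: Dict[str, str]) -> Set[str]:
    """Names of the digests that equal the reported values. A file is this
    sample only if all four match; a partial match means a typo in the IOC list."""
    return {name for name, value in hashes.items()
            if value.lower() == REPORTED_HASHES[name]}


# Constructed log formats (assumptions, adapt to the real log source).
_DNS_RE = re.compile(r"query=(?P<query>\S+).*?answer=(?P<answer>[\d.]+)")
_CONN_RE = re.compile(r"src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)")


def resolved_addresses(dns_lines: Iterable[str], host: str = EXFIL_HOST) -> Set[str]:
    """Every IP the DNS logs returned for the exfil host (it may change over time)."""
    addrs: Set[str] = set()
    for line in dns_lines:
        m = _DNS_RE.search(line)
        if m and m.group("query").rstrip(".").lower() == host:
            addrs.add(m.group("answer"))
    return addrs


def find_exfil_connections(conn_lines: Iterable[str], addrs: Set[str],
                           port: int = EXFIL_PORT) -> List[Dict[str, str]]:
    """Outbound connections to a resolved exfil address on the configured port."""
    hits: List[Dict[str, str]] = []
    for line in conn_lines:
        m = _CONN_RE.search(line)
        if m and m.group("dst") in addrs and int(m.group("dport")) == port:
            hits.append({"src": m.group("src"), "dst": m.group("dst"), "line": line})
    return hits


def hunt(dns_lines: Iterable[str], conn_lines: Iterable[str]) -> List[Dict[str, str]]:
    """DNS-then-connection correlation: which internal hosts talked to the C2 mailbox."""
    return find_exfil_connections(conn_lines, resolved_addresses(dns_lines))


# Constructed sample logs (not real traffic); 203.0.113.10 is a documentation address.
DNS_LOG = [
    "2021-12-01T10:02:12Z client=192.168.1.23 query=mail.scsgroups.com type=A answer=203.0.113.10",
    "2021-12-01T10:02:13Z client=192.168.1.23 query=update.example.net type=A answer=198.51.100.7",
]
CONN_LOG = [
    "2021-12-01T10:02:14Z src=192.168.1.23 dst=203.0.113.10 dport=587 proto=tcp",
    "2021-12-01T10:02:20Z src=192.168.1.23 dst=198.51.100.7 dport=443 proto=tcp",
    "2021-12-01T10:03:01Z src=192.168.1.40 dst=203.0.113.10 dport=25 proto=tcp",
]

if __name__ == "__main__":
    for hit in hunt(DNS_LOG, CONN_LOG):
        print(f"possible AgentTesla exfil from {hit['src']}: {hit['line']}")
```

Port 25 traffic to the same address is deliberately not flagged: the config pins port 587, and widening the filter is a separate, noisier hunt. Run `hash_file()` on a quarantined copy and require all four digests to match before treating a file as this sample.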