General
Target: BL DRAFT COPY.zip
Size: 467KB
Sample: 211202-p7wbcabff3
MD5: c9312caaebc0c09d05c67f7d80d9c721
SHA1: 667c44cb9fe9b82fd07874b5f18a88c5645dbe4c
SHA256: ecdcf1a0cc24f0c456eed1c08f60fb2fc0b369394f3216a1fe7211923a3f936b
SHA512: e98c02014ecdcba92df3ca4e8e19904d09a420a375b9c156f34085fb49b449f5856b67ada59b247c164a7837b53ecf97d001c2434e7c07a0157f0fcb2ca9b839
Static task: static1
Behavioral task: behavioral1
  Sample: BL DRAFT COPY.exe
  Resource: win7-en-20211104
Behavioral task: behavioral2
  Sample: BL DRAFT COPY.exe
  Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.dieseltronic.com.pe
Port: 587
Username: [email protected]
Password: Asdiesel2019@?%%%,
Targets
Target: BL DRAFT COPY.exe
Size: 571KB
MD5: 38b5e64b40b7385e941853fafcca52ed
SHA1: 3500d74b58a12151a541865eb72e54dc97553a8f
SHA256: 0a15fc96322463009c95cafcf720acb2eb9dbee7baffbd1131532891db885a6e
SHA512: 33b99a75e63d5d4497ef6a85e2a9f6cd3248a1110acec2864457b300194acdd582d9da6e932d9abca9265613495bbc753777066d4181462aef08862b89f96d6a
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext