General
-
Target
SHIPPING DOCUMENT & PL.exe
-
Size
465KB
-
Sample
211202-pgldfsbbf6
-
MD5
d24c7a40d621572c5de0d58ed1faac28
-
SHA1
1fc2634401142c79be427671382cd3ea99e4c312
-
SHA256
cdbf59639275f9eac2802feb599b57e8178f5f5170f389d667f359f75c56ecd3
-
SHA512
65b0f65244ec6a758264aa0f92a33180c164922db18d0d34663cbd14246f2949f77a6e2da0c7d5802fc40628ab3cfc334cb1b0979af061242b7f6f9a746854e2
Static task
static1
Behavioral task
behavioral1
Sample
SHIPPING DOCUMENT & PL.exe
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
SHIPPING DOCUMENT & PL.exe
Resource
win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.demo.jeninfo.com
Port: 587
Username: [email protected]
Password: %e&qapQ3oNkx
Targets
-
Target
SHIPPING DOCUMENT & PL.exe
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer that harvests credentials from browsers and mail clients and exfiltrates them to an attacker-controlled mailbox or server; this sample uses SMTP with the credentials in the extracted config above.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
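The extracted SMTP configuration and the behavioural signatures listed above translate directly into hunt logic. The script below is an added example, not part of the sandbox report: it runs the report's indicators (sample hash, exfil host and port, Run key persistence, Outlook profile access, writes under the drivers directory) over EDR-style events. The event schema (`type`, `image`, `path`, `key`, `host`, `port`, `sha256`) and every sample event are constructed for illustration and must be mapped onto your own telemetry. The SetThreadContext signature leaves no file, registry or network footprint and needs API-level telemetry, so it is not modelled here.

```python
"""Hunt for the IOCs and behaviours from the AgentTesla report in EDR-style events.

Added example, not part of the sandbox report. The event schema and the
SAMPLE_EVENTS below are constructed for illustration.
"""
import re
from collections import defaultdict

# Indicators copied from the report
SHA256 = "cdbf59639275f9eac2802feb599b57e8178f5f5170f389d667f359f75c56ecd3"
MD5 = "d24c7a40d621572c5de0d58ed1faac28"
EXFIL_HOST = "mail.demo.jeninfo.com"
EXFIL_PORT = 587  # SMTP submission port from the extracted config

# Locations behind the report's behavioural signatures
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
DRIVERS_DIR = re.compile(r"^[a-z]:\\Windows\\System32\\drivers\\", re.I)
OUTLOOK_PROFILES = re.compile(
    r"\\Software\\Microsoft\\(Office\\\d+\.\d\\Outlook\\Profiles"
    r"|Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles)(\\|$)",
    re.I,
)
# Processes for which outbound SMTP submission is expected
MAIL_CLIENTS = ("outlook.exe", "thunderbird.exe")


def classify(ev):
    """Return the report signature names that a single event satisfies."""
    hits = []
    t = ev.get("type")
    if t == "process" and ev.get("sha256", "").lower() == SHA256:
        hits.append("Known sample hash")
    if t == "file_create" and DRIVERS_DIR.search(ev.get("path", "")):
        hits.append("Drops file in Drivers directory")
    if t == "reg_set" and RUN_KEY.search(ev.get("key", "")):
        hits.append("Adds Run key to start application")
    if t in ("reg_query", "reg_open") and OUTLOOK_PROFILES.search(ev.get("key", "")):
        hits.append("Accesses Microsoft Outlook profiles")
    if t == "net_connect" and ev.get("port") == EXFIL_PORT:
        host = ev.get("host", "").lower()
        if host == EXFIL_HOST:
            # Exact host from the extracted config: high confidence
            hits.append("AgentTesla SMTP exfil host")
        elif not ev.get("image", "").lower().endswith(MAIL_CLIENTS):
            # Generic: SMTP submission from something that is not a mail client
            hits.append("Outbound SMTP from unexpected process")
    return hits


def triage(events):
    """Group hits by process image so the whole chain shows up under one binary."""
    by_image = defaultdict(list)
    for ev in events:
        for hit in classify(ev):
            by_image[ev.get("image", "?")].append(hit)
    return dict(by_image)


# Constructed sample telemetry (not from the sandbox run); the hypothetical
# victim path and Run value name are assumptions for the example only.
SAMPLE = r"C:\Users\victim\Downloads\SHIPPING DOCUMENT & PL.exe"
SAMPLE_EVENTS = [
    {"type": "process", "image": SAMPLE, "sha256": SHA256},
    {"type": "file_create", "image": SAMPLE,
     "path": r"C:\Windows\System32\drivers\etc\hosts"},
    {"type": "reg_query", "image": SAMPLE,
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"type": "reg_set", "image": SAMPLE,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r"C:\Users\victim\AppData\Roaming\Updater.exe"},
    {"type": "net_connect", "image": SAMPLE, "host": EXFIL_HOST, "port": EXFIL_PORT},
    # Benign noise that must not fire
    {"type": "net_connect",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "host": "smtp.office365.com", "port": 587},
    {"type": "file_create", "image": r"C:\Windows\System32\svchost.exe",
     "path": r"C:\Windows\Temp\x.tmp"},
]

if __name__ == "__main__":
    for image, hits in triage(SAMPLE_EVENTS).items():
        print(image)
        for h in hits:
            print("  -", h)
```

The exact-host match is the high-confidence rule; the generic "SMTP from a non-mail-client" rule is deliberately looser, since Agent Tesla builds are reconfigured per campaign and the host in this report will not survive the next one. Pair the hash and host indicators with the behavioural rules rather than relying on either alone.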