General
-
Target
PARKING LIST.zip
-
Size
467KB
-
Sample
211202-qarsbsbgb4
-
MD5
60c813f9b6c6da24237aa2f9133ef30e
-
SHA1
8bb4c28d88c1129b78dc02e42ac75f1170e50523
-
SHA256
2e09f4d6c413884241ff3dccd26e0821459e6d84cb2797612108fd7c2fe49ebe
-
SHA512
239ae51fd758ea1b8157a6596c97424ce682ad80119bb1f8b303be3b51ff4cdb705873dd5d5c5abdec04e5520e3a5399d80202e2adffed15f1ab263cd3e4b0ed
Static task
static1
Behavioral task
behavioral1
Sample
PARKING LIST.exe
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
PARKING LIST.exe
Resource
win10-en-20211104
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.dieseltronic.com.pe
Port: 587
Username: asistente@dieseltronic.com.pe
Password: Asdiesel2019@?%%%,
Targets
-
Target
PARKING LIST.exe
-
Size
571KB
-
MD5
38b5e64b40b7385e941853fafcca52ed
-
SHA1
3500d74b58a12151a541865eb72e54dc97553a8f
-
SHA256
0a15fc96322463009c95cafcf720acb2eb9dbee7baffbd1131532891db885a6e
-
SHA512
33b99a75e63d5d4497ef6a85e2a9f6cd3248a1110acec2864457b300194acdd582d9da6e932d9abca9265613495bbc753777066d4181462aef08862b89f96d6a
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext