General
Target: Project AC (Minutes of meeting).r00
Size: 421KB
Sample: 211203-s7dyvabhf7
MD5: b31df9408475ade848022d00d6fab5cc
SHA1: 03039266a550b206a10f5c0fe228933d1cb12ec8
SHA256: 6d05f15586c2e9b214b64df08320eb58540fa2700e99a8cf4214b5cdd982ca4f
SHA512: 9c1e0ff7d929d92f017c98bc365a12400559f2e6b66b191c9c584cf1766ad172e862b103e245802c1af56771dbb5366c6352dde644451a06c23722ce8010790e
Static task: static1
Behavioral task: behavioral1
Sample: Project AC (Minutes of meeting).exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: Project AC (Minutes of meeting).exe
Resource: win10-en-20211104
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot2124462934:AAGr-L06waDdFGpnKJz3_DCOFcJpWDQ7WIM/sendDocument
Targets
Target: Project AC (Minutes of meeting).exe
Size: 476KB
MD5: 0a3a1385c70ecec991de3baf9ea504e8
SHA1: 86816fa13e9cba505c8566460d40d83d38e8d0aa
SHA256: bc1c5068758bf788a3e39e19e6eb76d8cc3600b1c7cc0e710cf960a9e7cf3f1c
SHA512: ec7a49086923aaf1abc01f1a83416c112b8465d852eaf907e459e8f5c0d25a31c9a15632317b1e3408a19dacd8ed9f5d7614a8bca1e7ee9bd2e135b92c407569
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Drops file in Drivers directory
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext