General
Target: DOCUMENT No. 4 & 5.rar
Size: 412KB
Sample: 211203-snfy4abhd2
MD5: e07533a3fe467c5c69b60eb6deeb6cc3
SHA1: ef2babfc7b5f1c41ca8572da93427e275a4cf378
SHA256: b141faddbcb0caebf4aee4b27128609d2a254719da84371a64867bb3ef27be3a
SHA512: c59dc9be19e6da5c59d3665e33b4ad6806293b04e139cf1cee128cbf7b4b820fdacd7a758864121b18b3756fc4b998a3ddb6f5b69ea6253a7fb3e97a9581defd
Static task: static1
Behavioral task: behavioral1
  Sample: DOCUMENT No. 4 & 5.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: DOCUMENT No. 4 & 5.exe
  Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.scahe.co.in
Port: 587
Username: [email protected]
Password: scaheavy@12345
Targets
Target: DOCUMENT No. 4 & 5.exe
Size: 543KB
MD5: 83600f4b738720bfdd0f0a65d3398a79
SHA1: ac1e74674eee3c0249c9bedfe041c90bd83327f5
SHA256: c5f0b11cba973a4b098ef858ae755ef0e6353296ae998503eafb3a67fa21d1c0
SHA512: 35e767959b6deb51323414f1875aac16d1b68d79c87eb834fd0bfd6ca4d5165d35dbc7b6dab2b57cff1d70fde0fd6d6fb9878983b95cd21961378b2a5511502e
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext