General
Target: PO4466398466474.bat
Size: 959KB
Sample: 211215-he8yeagha4
MD5: 669ee0d1c9b67ebda5cf3a22a4bbc291
SHA1: c9df566101db1f31099b56c15f9f158c0b126994
SHA256: 1a38d6405f32c9c305a39a7f909cdc0834208fbd6ad1435bfd0794386ce71878
SHA512: 77e6f8bf9fbbd500a6d122fb1a0345079987d81bd89559c7e4c20ee7c10045c55e49cacd28c919336c83603a228c7c3a303ac804e7486a0c5e33d6f694711777
Static task
static1

Behavioral task
behavioral1
Sample: PO4466398466474.bat.exe
Resource: win7-en-20211208

Behavioral task
behavioral2
Sample: PO4466398466474.bat.exe
Resource: win10-en-20211208
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.shivfurnishings.com
Port: 587
Username: acc@shivfurnishings.com
Password: Chibuonyenze8888
Targets
Target: PO4466398466474.bat
Size: 959KB
MD5: 669ee0d1c9b67ebda5cf3a22a4bbc291
SHA1: c9df566101db1f31099b56c15f9f158c0b126994
SHA256: 1a38d6405f32c9c305a39a7f909cdc0834208fbd6ad1435bfd0794386ce71878
SHA512: 77e6f8bf9fbbd500a6d122fb1a0345079987d81bd89559c7e4c20ee7c10045c55e49cacd28c919336c83603a228c7c3a303ac804e7486a0c5e33d6f694711777
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext