General
Target: 9d9d7ca207a922cb738b05ba28e8cc471d81e826d54dd0e35b74e1a826379f69
Size: 1.6MB
Sample: 220520-2spapsahhk
MD5: 5b23036fab0397274bd9c4dfb96c44fc
SHA1: 38b2415fa86bbfda429a2e5a461bca520e7ed153
SHA256: 9d9d7ca207a922cb738b05ba28e8cc471d81e826d54dd0e35b74e1a826379f69
SHA512: 96a17297ba29e3e3244a44923bd92cfa7f3261eb3bddb5a75283b0d4277649a0fb549fddaff25ef286a0fd3c58165b88c1641747071a32d5b28bbdee23840e0f
Static task: static1
Behavioral task: behavioral1
  Sample: Contract form C2.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Contract form C2.exe
  Resource: win10v2004-20220414-en
Behavioral task: behavioral3
  Sample: Payment Bid Reference.exe
  Resource: win7-20220414-en
Behavioral task: behavioral4
  Sample: Payment Bid Reference.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mapi.diplemailsrvr.com
Port: 587
Username: [email protected]
Password: Banachi@1974
Targets
Target: Contract form C2.exe
Size: 1.1MB
MD5: 61cd9cf4bdb92c7b87610c6ca3bbb9f2
SHA1: 98eb1b85c2f5a4df9d964089b7ef73e11ab299cb
SHA256: 5e5d665f261aacccd45ce0cdeb9c09190918eca48adf692919446bf5a2b8b2ba
SHA512: f197d5cf146577569657b919c259ebcbf5779e4e7946101a720cd7929833b17b472008b175ddd553fc6f302c3d5f268a31ee1fc0669f5dbf127cb10ab345093f
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
Target: Payment Bid Reference.exe
Size: 1.1MB
MD5: 61cd9cf4bdb92c7b87610c6ca3bbb9f2
SHA1: 98eb1b85c2f5a4df9d964089b7ef73e11ab299cb
SHA256: 5e5d665f261aacccd45ce0cdeb9c09190918eca48adf692919446bf5a2b8b2ba
SHA512: f197d5cf146577569657b919c259ebcbf5779e4e7946101a720cd7929833b17b472008b175ddd553fc6f302c3d5f268a31ee1fc0669f5dbf127cb10ab345093f
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext