General
- Target: c5abfa80cf40d138887ae52cd441797c0e549af02c352f39451693cf597d184e
- Size: 2.0MB
- Sample: 220520-3t87yahef6
- MD5: 8dcbc0a2e5d101cb601b5f33869131f2
- SHA1: 28ee77564c4d5af3471dd3c430e719bf06ee8312
- SHA256: c5abfa80cf40d138887ae52cd441797c0e549af02c352f39451693cf597d184e
- SHA512: f4beff92bbbd5c76e91f75d2f2634f401fe4ecd7f16a0d7fd7fc01a064e659614a5fe05fef2ac8174be847c609498db21dcca79c3d01b05db481945319f25460
Static task: static1
Behavioral task: behavioral1
- Sample: RFQ- PT MULYA MANDIRI NEW ORDER PO 02.27.20.doc.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: RFQ- PT MULYA MANDIRI NEW ORDER PO 02.27.20.doc.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.parshavayealborz.com
- Port: 587
- Username: [email protected]
- Password: P@rshava123456
Targets
- Target: RFQ- PT MULYA MANDIRI NEW ORDER PO 02.27.20.doc.exe
- Size: 2.0MB
- MD5: 2a6cec53f04f431e88734606cc170575
- SHA1: 9c34a820806f306345f86db72bc0f3ae8ae7dfbf
- SHA256: 1296fea5be2ddeca7afbb565183c83b9a5660eb1fe98942bb2f048be7b237f6c
- SHA512: 83de8bc6688cd87d3596438f52f7cb5630d47bfa1546b38de6b4d8886a13290d7575f610d460fbcd287a4e4823db64892b64399fc59afa258b5448dbf807f7d1
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Drops startup file
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext