General
Target: 5ebde73bdf8d6dd3be4faa6125da6780ddcc12c3ba2fffba1943b188576d1d4e
Size: 1.5MB
Sample: 220520-qzlydaech9
MD5: 79b0a398726e3ce4eead1a08fa859bf4
SHA1: 9dd4497ad6a662d59fd34274bf665bec841ef784
SHA256: 5ebde73bdf8d6dd3be4faa6125da6780ddcc12c3ba2fffba1943b188576d1d4e
SHA512: de78cf21aa1b67dd8a352ddc4a4b9cbb437d2e5500eb0caf882bc10489c81f3ed77bb4f6703acca80869bc0fdb2be02c61f6d842c810c0255b3d20d8951ab87a
Static task: static1
Behavioral task: behavioral1
  Sample: ARRV_00011004_CGS4250506pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: ARRV_00011004_CGS4250506pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.karmachalets.co.in
Port: 587
Username: akshya@karmachalets.co.in
Password: Akshya@123
Targets
Target: ARRV_00011004_CGS4250506pdf.exe
Size: 1.9MB
MD5: ab058ec451bac8a417468aa9bd7b5fc0
SHA1: 623dc4c4af0f882939cca44117395e965c58c6ca
SHA256: 3d03d3d5e9188be6389f0a9cf58e0436a9c9ea800a355a2249867fd3400350b6
SHA512: 15fe082844d0b9ec4008318e258ad8ce6cb0302bc6458a7f2ff4d6cb45bbca07c1429ec688cc6e8b126b6049645bb071cc6b43bc51634dd4c25c9c5fa23dba78
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Adds Run key to start application
Suspicious use of SetThreadContext