General
-
Target
667b9a701b198ccd2e8a80aa087afd75eb056805086cced0b7bc107142558a9b
-
Size
1.3MB
-
Sample
220521-apq7caaeh7
-
MD5
20aa3ba82a4de0cfa1bd2a30f583ca11
-
SHA1
ea0247da6e269cb90e63e749651ba99f6c8b2ac0
-
SHA256
667b9a701b198ccd2e8a80aa087afd75eb056805086cced0b7bc107142558a9b
-
SHA512
cb24a62e10052aa8f44226d835d3f6eaa0c28d47b10eedca211dc1c6a6a0a5e832968e8cb21d54f6055ac3073b5123b83a2c69e9df2a069ce734bc544614304d
Static task
static1
Behavioral task
behavioral1
Sample
PRICE_IN.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PRICE_IN.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
lasco4000@@
Extracted
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
lasco4000@@
Targets
-
-
Target
PRICE_IN.EXE
-
Size
760KB
-
MD5
d8e4b336d3cea4fccdf15d91710d253b
-
SHA1
cf8d29721db66b16216315f2474c7e29f0a06af1
-
SHA256
144e37b521d59ab49d1e2f132802e8cc93f863ccaec2904b6914335ec2681cd1
-
SHA512
a9191c0174e5f6152c0fbe3490b9fd3d2908e0e5adf34e94222d249b959a1c0d4e996fb0c758600ea859a619ef79951443f4256056530919cabe1f1d4351e103
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-