General
Target: 7ad70dc95ae7e7d446a069e1d76157370c462c1fe84892c7ca08c13da517bebc
Size: 366KB
Sample: 220521-b1w3eacgh2
MD5: 83b1d28fd15723f3ab1299bbfe148eb6
SHA1: 226f49cbe0c6d3828b425ab010fea23282aa1d0d
SHA256: 7ad70dc95ae7e7d446a069e1d76157370c462c1fe84892c7ca08c13da517bebc
SHA512: 9e7c95f762b7575d4bef31c978807d637b12dd8408ef0cef08f45a33b6847187b71c783394e2122d0b1cb2c27b06ed1a65fdd98c534792fd2b0462811059f023
Static task: static1
Behavioral task: behavioral1
Sample: PO-11059021022021.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PO-11059021022021.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.standard-engg.com
Port: 587
Username: [email protected]
Password: Standard123#@!
Targets
Target: PO-11059021022021.exe
Size: 406KB
MD5: c14e2f7c8e8cc81b9dca88b81369b5aa
SHA1: 845056cffbc74ef74ae18f1535819c1fd1eaefbf
SHA256: 329def7ed2b3e21852c057f9db14aa69756635b6be94de40b19b95bd10e1d71d
SHA512: fe928fb529c1c0899a1d9f37ec8c5b7dce2341639f79d1d2a3a8aa0ab503012ff0a62900ebcf7a4dc9d05382716c9747a93ea1424bcabc9173f39a418435ffde
- AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext
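The extracted SMTP configuration and the behavioural signatures above translate directly into hunting logic. The following Python is an added example and is not part of the sandbox report or the Agent Tesla sample: it takes the file hashes, exfiltration host and port from this page and runs them, together with two generic checks (a value written under a Run key and a file created under the drivers directory), over a handful of constructed Sysmon-style events. The event shape, the victim paths, the benign noise events and the dropped file name are assumptions made up for the example; the SetThreadContext indicator is an in-process API signal and is not covered here.

```python
"""Hunt for this report's indicators in endpoint telemetry (added example)."""
import hashlib
from pathlib import Path

# Indicators copied from the report above (submitted target and the dropped EXE).
KNOWN_HASHES = {
    "md5": {"83b1d28fd15723f3ab1299bbfe148eb6", "c14e2f7c8e8cc81b9dca88b81369b5aa"},
    "sha256": {
        "7ad70dc95ae7e7d446a069e1d76157370c462c1fe84892c7ca08c13da517bebc",
        "329def7ed2b3e21852c057f9db14aa69756635b6be94de40b19b95bd10e1d71d",
    },
}
EXFIL_HOST = "mail.standard-engg.com"  # SMTP host from the extracted config
EXFIL_PORT = 587
RUN_KEYS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
)
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"

# Constructed events in a simplified Sysmon-like shape (ids follow Sysmon:
# 1 process create, 3 network connect, 11 file create, 13 registry value set).
# They are made up for this example, not telemetry from the sandbox run.
MALWARE = "C:\\Users\\victim\\Downloads\\PO-11059021022021.exe"
SAMPLE_EVENTS = [
    {"id": 1, "image": MALWARE, "hashes": {"md5": "c14e2f7c8e8cc81b9dca88b81369b5aa"}},
    {"id": 13, "image": MALWARE,
     "target": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\PO-11059021022021"},
    {"id": 11, "image": MALWARE, "target": "C:\\Windows\\System32\\drivers\\update.dat"},
    {"id": 3, "image": MALWARE, "dest_host": "mail.standard-engg.com", "dest_port": 587},
    # Benign noise: a mail client on the same submission port, explorer touching the registry.
    {"id": 3, "image": "C:\\Program Files\\Mail\\mailclient.exe",
     "dest_host": "smtp.example.com", "dest_port": 587},
    {"id": 13, "image": "C:\\Windows\\explorer.exe",
     "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"},
]


def match_event(ev):
    """Return the list of indicator tags a single event triggers."""
    hits = []
    if ev["id"] == 1:
        for algo, known in KNOWN_HASHES.items():
            if ev.get("hashes", {}).get(algo, "").lower() in known:
                hits.append(f"known-hash:{algo}")
    elif ev["id"] == 13 and any(k in ev["target"].lower() for k in RUN_KEYS):
        hits.append("run-key-persistence")
    elif ev["id"] == 11 and ev["target"].lower().startswith(DRIVERS_DIR):
        hits.append("drivers-dir-write")
    elif ev["id"] == 3 and ev.get("dest_host", "").lower() == EXFIL_HOST:
        # Port 587 alone is ordinary mail submission; only the C2 host counts as a hit.
        hits.append("exfil-host" if ev.get("dest_port") == EXFIL_PORT else "exfil-host-other-port")
    return hits


def hunt(events):
    """Group indicator hits by originating image; images with no hits are omitted."""
    found = {}
    for ev in events:
        for tag in match_event(ev):
            found.setdefault(ev["image"], set()).add(tag)
    return {image: sorted(tags) for image, tags in found.items()}


def digests_of(data):
    """MD5 and SHA-256 of a byte string, in the same form as KNOWN_HASHES."""
    return {"md5": hashlib.md5(data).hexdigest(), "sha256": hashlib.sha256(data).hexdigest()}


def is_known_sample(path):
    """True if a file on disk matches one of the report's hashes."""
    return any(d in KNOWN_HASHES[a] for a, d in digests_of(Path(path).read_bytes()).items())


if __name__ == "__main__":
    for image, tags in hunt(SAMPLE_EVENTS).items():
        print(image, "->", ", ".join(tags))
```

Run it as-is to see the malware image flagged on all four indicators while the two noise events produce nothing; point `is_known_sample` at a quarantined file to check it against the report's hashes.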