General
- Target: 40dd02a1c74b1082e1cb3ecd80fe35447f2572c0dd18155b26601659fe3a59a2
- Size: 2.0MB
- Sample: 220521-b49snsgagp
- MD5: 3d35c994b44adcde90d2cca592c416a7
- SHA1: ce3803e25114bc9d567ec7b06ddde62c67dfa2af
- SHA256: 40dd02a1c74b1082e1cb3ecd80fe35447f2572c0dd18155b26601659fe3a59a2
- SHA512: 0aeb7565cbe6df7a4a1fc274bc469b5c01a1f98ba26729344d5f9ce1769ff16abddaba508c158c6a6ed1c54a0e89b55e3406117134c5d3b470d9869c82701bd8
Static task: static1
Behavioral task: behavioral1
- Sample: RFQ- PT MULYA MANDIRI NEW ORDER PO 02.27.20.doc.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: RFQ- PT MULYA MANDIRI NEW ORDER PO 02.27.20.doc.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.parshavayealborz.com
- Port: 587
- Username: [email protected]
- Password: P@rshava123456
Targets
- Target: RFQ- PT MULYA MANDIRI NEW ORDER PO 02.27.20.doc.exe
- Size: 2.1MB
- MD5: 3200ae4f6dc2898755658b198ce4482f
- SHA1: 4ba054467be75935e81245d4258a4e82ce60fd59
- SHA256: 826f7d92ad363ef5588a9d983b76899cd45279c201e2af459a38ef034527bf06
- SHA512: 8fdf74582ff2f0a1c518391d17bcb478a5e564b3a2c43062d314406bdbe9116cdf673a5cdcdae31578fc0659d2f2be552cc1cacf44a4aa6d81abc03dd5477704
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext