General
Target: d45a2fb13815708120941d7dbd7b221188247c0c25d5bd421ef574dd8ed592ad
Size: 577KB
Sample: 220521-bngrysfbfr
MD5: 2947ffc71628bd3b180b1fd3619e595f
SHA1: c82de94bf4e69fb953c995cf4ad27b6d3e9f3208
SHA256: d45a2fb13815708120941d7dbd7b221188247c0c25d5bd421ef574dd8ed592ad
SHA512: 12d8d9266837a85df8438b31dfb8bc9f8f1e905fa8e45b008712edd746604d9c50f76ab65e373fbe71e9c26241c64746997b44d9d957fa238890da75192cb9da
Static task: static1
Behavioral task: behavioral1
Sample: duk.exe
Resource: win7-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.hotel71.com.bd
Port: 587
Username: [email protected]
Password: 9+^va&phP1v9
Targets
Target: duk.exe
Size: 721KB
MD5: 214d7bb44c3bfa9d424c36de11df39e8
SHA1: 020ee2d28edbf2e1df9cf0ba6e1b04c50f3675d4
SHA256: e30672336261f66449f9e3e1f7e4fd6ba381e6046cdb5c9ba0088c576aca5176
SHA512: 4ecb3353dd94416113c4fe68b8c5ed1f62a9a4cdae5fb6c0bf4095fc33e646903291ff15c1216d571ec1b2cf276c8f75f77742d361ac703b1fc27fe770a71d82
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Signatures:
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext