General
Target: 30a7e94bebd2855a574f3e92f373d9cf2533fc588a293813625e7ea5e7b02102
Size: 378KB
Sample: 220521-bwzyhacfa4
MD5: 5b850b4b62e40b8a62ee5421db5b4d8b
SHA1: 808bc4a2106cdc3bd2ba22f6b5d3c2468c4ebfe6
SHA256: 30a7e94bebd2855a574f3e92f373d9cf2533fc588a293813625e7ea5e7b02102
SHA512: afed5e63e0b63d855bb898074e19e3fef2c402dd59e53a1f03fccd4f0a929342488050c82f6eff55749b66fc713a56864022c24630c17dd4f6c8ae0d95f89669
Static task: static1
Behavioral task: behavioral1
Sample: PURCHASE LIST.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PURCHASE LIST.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.parshavayealborz.com
Port: 587
Username: [email protected]
Password: P@rshava123456
Targets
Target: PURCHASE LIST.exe
Size: 470KB
MD5: c092144bb729298d50c95d1a16d0aa97
SHA1: 1c31147f7e9f37e4e8bc73b0d1e535fba242734d
SHA256: ee40db183a9f86ee97dd3803b54d1711d443d25beb0160fd89cd54ad890b8485
SHA512: 88b9666c3cce98d5485c12ec72619bc5e69967e4531c7998f051c2f48d012cd92cd1e9841d99d442195236ad1af60199bc7c4df8668a4b7305b0be34a60f5637
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext