General
Target: 199f5c3379f3268daedc5f3b3a36383bf171511d0d657fac4057b9e3b40619c7
Size: 526KB
Sample: 220521-bxx6ascfd5
MD5: e2de50c11994aea9616539df22138f4a
SHA1: 50c386223ff4e8cc02d0ecaa8870a250dd22152a
SHA256: 199f5c3379f3268daedc5f3b3a36383bf171511d0d657fac4057b9e3b40619c7
SHA512: 7af1d7d2348fd772649e56eccac3b5bb29bdd8068a1817cb46221a20912fd4912abf07d838d8eac4dafc0aebb9de29bfaad5b58f7c4577cae3a4f876986fc47f
Static task: static1
Behavioral task: behavioral1
Sample: Direct_advice.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Direct_advice.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.israelagroconsultant.com
Port: 587
Username: [email protected]
Password: israelagro@123
Targets
Target: Direct_advice.exe
Size: 608KB
MD5: bf98feb3502d7f0914c6a1068a1bc9b1
SHA1: 230ec06385b9c16f4accd3755cd72aa1c79be4a7
SHA256: bd798dda71e760acc62a228c3c770034e1a5d0f65db0e0805a6157bcd8c9c454
SHA512: 04705964647d02c9b9ae2fa7b940ea493b6b0fd58f297b9d6bd9bc266cb7fd7ae94f9add7d5d85fe432f8ccb9efbbde8b7145a3b5931d08c5667c8d3765446c4
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext