General
-
Target
0b4f95fc3af9acb1caed7d0bb51574609ad60c58cb25e52445811bbc6bbffefc
-
Size
217KB
-
Sample
220521-byny1scfg6
-
MD5
9ce6bbc944266e9bd0a402a05313bd1c
-
SHA1
a398e3443f5678c79b22ef73fc499d52241503f9
-
SHA256
0b4f95fc3af9acb1caed7d0bb51574609ad60c58cb25e52445811bbc6bbffefc
-
SHA512
afaabb5656127ef6a7a78838d17e9d32be00eee548cb9ad2c45397fa9b705b426169db994218252e5555a760af119bc49b2e179564476fe7a8ecb3dfdd9f6bf1
Static task
static1
Behavioral task
behavioral1
Sample
TT SLIP.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
TT SLIP.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.qualitypulse.sg
Port: 587
Username: [email protected]
Password: 10EWR0203486364
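The extracted config above is the exfiltration channel: Agent Tesla mails stolen credentials to a mailbox over SMTP submission (port 587) using the embedded account. The block below is an added example, not part of the sandbox report, showing how a detection engineer would turn that config into indicators and run them over network logs: it emits a Suricata DNS rule for the mail host and correlates constructed Zeek-style dns.log and conn.log lines to flag the session to the configured host and port. The mailbox username is redacted on the page, so matching uses only the host and port; the log lines and the rule SID are constructed for illustration.

```python
"""Operationalise the Agent Tesla SMTP config listed in the report.

Added example, not part of the sandbox report. Log excerpts and the
Suricata SID are constructed/assumed values.
"""

from __future__ import annotations

from dataclasses import dataclass

# SMTP exfil config as the report lists it (username redacted on the page).
AGENTTESLA_SMTP = {"protocol": "smtp", "host": "mail.qualitypulse.sg", "port": 587}

# Constructed Zeek-style dns.log excerpt: ts, src, query, answer
CONSTRUCTED_DNS_LOG = """\
1653123999.9\t10.0.0.5\tmail.qualitypulse.sg\t198.51.100.7
1653124000.0\t10.0.0.9\texample.com\t93.184.216.34
"""

# Constructed Zeek-style conn.log excerpt:
# ts, uid, src, sport, dst, dport, proto, service
CONSTRUCTED_CONN_LOG = """\
1653124000.1\tC1\t10.0.0.5\t51234\t203.0.113.10\t443\ttcp\tssl
1653124001.2\tC2\t10.0.0.5\t51240\t198.51.100.7\t587\ttcp\tsmtp
1653124002.3\tC3\t10.0.0.9\t51301\t198.51.100.7\t25\ttcp\tsmtp
1653124003.4\tC4\t10.0.0.9\t51302\t93.184.216.34\t587\ttcp\tsmtp
"""


@dataclass(frozen=True)
class Alert:
    uid: str
    src: str
    dst: str
    dport: int
    reason: str


def suricata_dns_rule(host: str, sid: int = 1000001) -> str:
    """Suricata rule that fires on any DNS lookup of the exfil mail host.

    The default SID is an assumed local-range value; pick your own.
    """
    return (
        f'alert dns any any -> any any (msg:"Agent Tesla SMTP exfil host lookup {host}"; '
        f'dns.query; content:"{host}"; nocase; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


def resolved_addresses(dns_log: str, host: str) -> set[str]:
    """Collect every answer the dns log gave for `host` (case-insensitive)."""
    addrs: set[str] = set()
    for line in dns_log.splitlines():
        if not line.strip():
            continue
        _ts, _src, query, answer = line.split("\t")
        if query.lower().rstrip(".") == host.lower():
            addrs.add(answer)
    return addrs


def find_exfil_sessions(conn_log: str, dns_log: str, cfg: dict) -> list[Alert]:
    """Flag connections to any address the exfil host resolved to.

    A hit on the configured port and service is the strong signal; any other
    connection to the same host is still reported, with a weaker reason, so
    an analyst sees fallback ports (e.g. 25) the sample may try.
    """
    targets = resolved_addresses(dns_log, cfg["host"])
    alerts: list[Alert] = []
    for line in conn_log.splitlines():
        if not line.strip():
            continue
        _ts, uid, src, _sport, dst, dport, _proto, service = line.split("\t")
        if dst not in targets:
            continue
        dport_i = int(dport)
        if dport_i == cfg["port"] and service == cfg["protocol"]:
            reason = "exfil host, configured port and service"
        else:
            reason = "exfil host, unexpected port/service"
        alerts.append(Alert(uid, src, dst, dport_i, reason))
    return alerts


if __name__ == "__main__":
    print(suricata_dns_rule(AGENTTESLA_SMTP["host"]))
    for alert in find_exfil_sessions(CONSTRUCTED_CONN_LOG, CONSTRUCTED_DNS_LOG, AGENTTESLA_SMTP):
        print(alert)
```

Correlating through DNS rather than matching the hostname alone matters because the conn log only carries IPs and the mail host can move; the DNS rule catches the lookup even when the SMTP session itself is wrapped in STARTTLS.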
Targets
-
Target
TT SLIP.exe
-
Size
630KB
-
MD5
6b94d92840160e9ecc9a9f808edc93f4
-
SHA1
dcbce739ab926a184d2ebc995ff417c5772c4312
-
SHA256
70072a6239488b071403cf29308652486727816236c455de356bbe13df67d3a8
-
SHA512
6502f23e33bcb20c157a1461976a2275ce1eb6bcadcd960aa7837627929b016a78e3545045c90980efc002f0dbe4768b5a6ad8e089d4983dc07a1536fc4841ef
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext