General
-
Target
678d4745d80e317b2b16b49e4b525528e80953669b468e03550163eafe9e1cfa
-
Size
426KB
-
Sample
220521-dcfrmaaedk
-
MD5
07e3d4c3d6a80074c077a6eb5ca003ac
-
SHA1
439db2895a66b44a547ff9be65f8a8f25e05ce7a
-
SHA256
678d4745d80e317b2b16b49e4b525528e80953669b468e03550163eafe9e1cfa
-
SHA512
94dd230623f65a98ea843d15a2c875bd99e8f459facc8a046e54eaaa296e1fde12becf60c05b310518bddb97cc81dc5dadfb6c0cbe3d68dc4fc8062ea430b303
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.pptoursperu.com - Port:
587 - Username:
[email protected] - Password:
mailppt2019-
Targets
-
-
Target
NEW P O.exe
-
Size
482KB
-
MD5
d8492d52da3b7fc82bc19b8aca351c63
-
SHA1
a368f5ea2903bae4dc521189a09c490a215d7577
-
SHA256
e8ea9e32e32ba57db997117b275a571e3d69793663a9e81b4f2df7616b1389b4
-
SHA512
79e1ecee0202411b1ce9d3cc15d9eb175206471b194f5ab941ab6c391d19accc1656b03b6aa1e920b20dba2b1fe01f7ff0f91cb63d93a2a0e58d1e98a799f013
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-