General
Target: 608bfdfda2da2ae16a591935cae960dd3f3a3b044c8902d3593c483afdbc036c
Size: 2.0MB
Sample: 220521-dd2eqafeb3
MD5: b9c199d8abb3f60758867eb5ee4950c6
SHA1: 58cd0cf8ec6d81872c04cd5d7b7c290d9f5c5747
SHA256: 608bfdfda2da2ae16a591935cae960dd3f3a3b044c8902d3593c483afdbc036c
SHA512: b4a9644b72156dde3600fd2b1205e2d190d87d6f17f369ea6cdddf34b601fe46886d4121d630cc0934b98ec6ef9169f10de913541c81a9c73f5fcc8be8d2608e
Static task: static1
Behavioral task: behavioral1
  Sample: QUOTE 002242020.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: QUOTE 002242020.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.parshavayealborz.com
Port: 587
Username: [email protected]
Password: P@rshava123456
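The extracted configuration is the actionable part of this report: the host and port are what network telemetry can be matched against, and the mailbox credentials identify the attacker's drop account rather than a victim. The following is an added example (not code from the sandbox or from the malware) that parses the flattened "Key: value" text of the Malware Config section above into structured indicators and matches them against flow records. `RAW_CONFIG` mirrors the report text, line-wrapping included; the `FLOWS` records, their source addresses and process names are constructed.

```python
"""Turn the extracted Agent Tesla SMTP configuration into structured
indicators and match them against flow records.

Added example for this report, not code from the sandbox or the malware.
RAW_CONFIG mirrors the 'Malware Config' section (line breaks included);
the FLOWS records and their source addresses / process names are constructed.
"""
import re
from typing import Dict, List

RAW_CONFIG = (
    "Protocol: smtp- Host:\n"
    "mail.parshavayealborz.com - Port:\n"
    "587 - Username:\n"
    "[email protected] - Password:\n"
    "P@rshava123456"
)

# 'Key: value' pairs; a value runs until an optional ' - ' separator followed by
# the next 'Key:' token, or the end of the text, so the wrapped layout is tolerated.
_PAIR_RE = re.compile(r"(\w+):\s*(.*?)\s*-?\s*(?=\w+:|$)")


def parse_config(raw: str) -> Dict[str, str]:
    """Collapse whitespace and split the flattened config into a lowercase-keyed dict."""
    text = " ".join(raw.split())
    return {key.lower(): value for key, value in _PAIR_RE.findall(text)}


def to_indicators(cfg: Dict[str, str]) -> Dict[str, object]:
    """Derive what a defender can act on; the password is deliberately not copied over."""
    port = int(cfg["port"])
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return {
        "exfil_protocol": cfg["protocol"].lower(),
        "c2_host": cfg["host"].lower().rstrip("."),
        "c2_port": port,
        "mailbox": cfg["username"],
        # 587 is SMTP submission, so STARTTLS is expected and the message body
        # will not be visible on the wire; the DNS name and destination still are.
        "smtp_submission": cfg["protocol"].lower() == "smtp" and port == 587,
    }


FLOWS: List[Dict[str, object]] = [  # constructed sample flow records
    {"src": "10.0.0.15", "dst_host": "mail.parshavayealborz.com", "dst_port": 587,
     "image": "QUOTE 002242020.exe"},
    {"src": "10.0.0.15", "dst_host": "outlook.office365.com", "dst_port": 443,
     "image": "OUTLOOK.EXE"},
    {"src": "10.0.0.22", "dst_host": "mail.parshavayealborz.com", "dst_port": 443,
     "image": "chrome.exe"},
]


def match_flows(flows: List[Dict[str, object]], ind: Dict[str, object]) -> List[Dict[str, object]]:
    """Flows to exactly the configured host:port (the exfiltration channel)."""
    return [
        f for f in flows
        if str(f["dst_host"]).lower().rstrip(".") == ind["c2_host"]
        and f["dst_port"] == ind["c2_port"]
    ]


if __name__ == "__main__":
    indicators = to_indicators(parse_config(RAW_CONFIG))
    for flow in match_flows(FLOWS, indicators):
        print(f"{flow['src']} -> {flow['dst_host']}:{flow['dst_port']} by {flow['image']}")
```

Because the channel is SMTP submission on 587, a network sensor will usually only see the TLS handshake after STARTTLS; the useful detections are the DNS lookup for the host, the outbound 587 connection from a process that is not a mail client, and the SMTP AUTH username if the session is captured before STARTTLS.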
Targets
Target: QUOTE 002242020.exe
Size: 2.1MB
MD5: bdbfa33c09b950889d9fc19954f20935
SHA1: d9c6cf2322734d49a1c479ff31d044ccef2f739e
SHA256: 51558f41331f2345cd146dc9705f48e8a6fdc425e6744658ff2ea53d42d34ae6
SHA512: 5ab3679f6c523a4a5d73678461f5089713b06fde01d59d42e2ca728d7723af01d135eba0737bf1606f105bb0a64573807cc687b8f4ba0666f4678948f1ae6fa7
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; this sample is configured to exfiltrate over SMTP (see Malware Config above).
AgentTesla Payload
Disables Task Manager via registry modification
Drops file in Drivers directory
Drops startup file
Accesses Microsoft Outlook profiles
Adds Run key to start application
AutoIt Executable
AutoIt scripts compiled to PE executables.
Suspicious use of SetThreadContext
Rewriting another thread's context is how injected or hollowed code in a suspended process is normally given control; on its own this is a heuristic, not proof of injection.
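The behaviours above map directly onto host telemetry. The following is an added example (not sandbox or vendor code) showing how the registry and file-system signatures in this report can be checked against Sysmon-style events: a DisableTaskMgr policy value set to 1, a value written under a Run/RunOnce key, a file created in a Startup folder, and a file created under the Drivers directory. The `SAMPLE_EVENTS` records are constructed to resemble Sysmon RegistryEvent (ID 13) and FileCreate (ID 11) entries; the SID, user name, value names and file names in them are assumptions, not observations from the report.

```python
"""Host-side checks for the behaviours listed in the report: Task Manager
disabled through the registry, Run-key persistence, a file dropped into a
Startup folder and a file dropped under the Drivers directory.

Added example for this report, not sandbox or vendor code.  The records in
SAMPLE_EVENTS are constructed to resemble Sysmon RegistryEvent (ID 13) and
FileCreate (ID 11) entries; the SID, user name, value names and file names in
them are assumptions.
"""
import re
from typing import Dict, List, Optional, Tuple

Event = Dict[str, str]

# Policy value honoured by taskmgr.exe (HKCU or HKLM); DWORD 1 disables it.
DISABLE_TASKMGR_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableTaskMgr$", re.I)
# Per-user or machine-wide autostart values (including the WOW64 view).
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.I)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+$", re.I)
DRIVERS_DIR_RE = re.compile(r"\\Windows\\(?:System32|SysWOW64)\\drivers\\", re.I)


def _dword(details: str) -> Optional[int]:
    """Sysmon renders DWORD values as 'DWORD (0x00000001)'."""
    m = re.search(r"DWORD \(0x([0-9a-f]+)\)", details, re.I)
    return int(m.group(1), 16) if m else None


def check_event(ev: Event) -> List[str]:
    """Names of the behaviours a single event evidences (possibly none)."""
    hits: List[str] = []
    target = ev.get("target", "")
    if ev.get("event_id") == "13":  # RegistryEvent: value set
        if DISABLE_TASKMGR_RE.search(target) and _dword(ev.get("details", "")) == 1:
            hits.append("disables_task_manager")
        if RUN_KEY_RE.search(target):
            hits.append("run_key_persistence")
    elif ev.get("event_id") == "11":  # FileCreate
        if STARTUP_DIR_RE.search(target):
            hits.append("startup_file_drop")
        if DRIVERS_DIR_RE.search(target):
            hits.append("drivers_dir_drop")
    return hits


def triage(events: List[Event]) -> List[Tuple[str, str, str]]:
    """(behaviour, image, target) for every hit, so findings can be grouped per process."""
    return [(h, ev.get("image", ""), ev.get("target", ""))
            for ev in events for h in check_event(ev)]


_SID = r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"   # assumed
_IMG = r"C:\Users\user\Desktop\QUOTE 002242020.exe"            # assumed path

SAMPLE_EVENTS: List[Event] = [  # constructed
    {"event_id": "13", "image": _IMG,
     "target": _SID + r"\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "details": "DWORD (0x00000001)"},
    {"event_id": "13", "image": _IMG,
     "target": _SID + r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\user\AppData\Roaming\Updater\Updater.exe"},
    {"event_id": "11", "image": _IMG,
     "target": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe"},
    {"event_id": "11", "image": _IMG,
     "target": r"C:\Windows\System32\drivers\etc\hosts"},
    # benign noise: the policy reset to 0 and an ordinary document save
    {"event_id": "13", "image": r"C:\Windows\explorer.exe",
     "target": _SID + r"\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "details": "DWORD (0x00000000)"},
    {"event_id": "11", "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "target": r"C:\Users\user\Documents\quote.docx"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(*hit, sep="\t")
```

Each of these checks fires on legitimate software too (installers write Run keys, policy tooling toggles DisableTaskMgr), so the value is in the combination: several of them from one non-installer process within a short window, together with an outbound SMTP connection from that process, is the pattern this sample exhibits.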