General
- Target: f11cb17b9fabf7f07003b5ba779a28285369a13120dcfe25345d0e4eec7bbcca
- Size: 1.2MB
- Sample: 220521-m63ypadbf2
- MD5: 06e70432dfd2bcf805c62302b533dbab
- SHA1: 39c711c8df02932a93015a6a197b2b202ac92f56
- SHA256: f11cb17b9fabf7f07003b5ba779a28285369a13120dcfe25345d0e4eec7bbcca
- SHA512: 78e876d290a64a49ae398f6a79c436abe8fbef6b082b38009b8009aa83d57d476030c196511aac653cc2a790ebeb894027fac0fa21e24127f8d8bd4541d5ea06
Static task
- static1
Behavioral task
- behavioral1
- Sample: PO20201.exe
- Resource: win7-20220414-en
Behavioral task
- behavioral2
- Sample: PO20201.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.durainteriordesign.com
- Port: 587
- Username: sultan@durainteriordesign.com
- Password: successman12
Targets
- Target: PO20201.exe
- Size: 1.6MB
- MD5: 144ef7cef25ba3310000ddb81ec5192c
- SHA1: b1ab1c5509afb2fda7cf8de4df971ec24ae48e49
- SHA256: ef198e1bc193d5b0e033b27059f10e3ae7a5b696f2157bda94d765cc353d6952
- SHA512: 343cbb325758832b4f7a683fe28aad451f790c450e1ec49e57ca3c71c57ae15b825b878ca2db923070fc8cfe7c97b8104da80eda2e5bcc732a83bd934f1d11fa
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Drops startup file
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext