General
-
Target
a6e525064d378f66580bde838ce261b90bd4845f8353c56951f866a783b5d564
-
Size
383KB
-
Sample
220521-nrg84shbej
-
MD5
9e473f377a63ae2604cabd99740124fe
-
SHA1
3fc71572403980cd8f154b111f175d7275426c87
-
SHA256
a6e525064d378f66580bde838ce261b90bd4845f8353c56951f866a783b5d564
-
SHA512
bf5488782ffcd853f1d0fc2049df410cf6504e57df3cb94b18b9be01a96e92e3069ae3731ab04fd4a85a52c809c57860713b1e828398b8d9cb4a4d72a8a50154
Static task
static1
Behavioral task
behavioral1
Sample
long overdue statement...exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
long overdue statement...exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.saamaygroup.com
Port: 587
Username: [email protected]
Password: pawan100
Targets
-
Target
long overdue statement...exe
-
Size
471KB
-
MD5
3d9e92eb84c67c184740c2e6f70c8be7
-
SHA1
f0a594d073858e1127ae7f4c7a57965a99f06f2d
-
SHA256
afd0f03e321e33d0651d4a3e7c8c3da6e2fb3407fcda6bfc1fcbca5f78a6ae5d
-
SHA512
a5e4d3c3b02c62110d03ac8d3107f803fe521eb210c9582bb2c97a097a7c3bb7d48b84cdd8a6e36add10294f87c9417cea8c14e712d9d0655eafbd8bc7f67362
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic .NET; this sample is configured to exfiltrate over SMTP using the mail server and credentials in the extracted config above.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles (stored mail account settings are a common credential-theft source for this family)
-
Adds Run key to start application (registry Run-key persistence; check HKCU and HKLM Run keys on affected hosts)
-
Suspicious use of SetThreadContext (typical of process hollowing, where the payload is written into a suspended process and its entry point redirected)
-
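An added example, not part of the sandbox report or of any vendor tooling, that turns the indicators above (the two files' MD5/SHA256 digests, the SMTP host mail.saamaygroup.com and port 587 from the extracted config) into an offline IOC sweep over Zeek-style dns/conn logs and a hash inventory. The SMTP username is left out because the page shows it redacted. The log excerpts and the file inventory are constructed for this example, not captured data; the field names follow Zeek's dns.log and conn.log but the `answers` column is simplified to a single address.

```python
import csv
import io

# Indicators copied from the report above.
IOC_SHA256 = {
    "a6e525064d378f66580bde838ce261b90bd4845f8353c56951f866a783b5d564",  # submitted sample
    "afd0f03e321e33d0651d4a3e7c8c3da6e2fb3407fcda6bfc1fcbca5f78a6ae5d",  # "long overdue statement...exe"
}
IOC_MD5 = {
    "9e473f377a63ae2604cabd99740124fe",
    "3d9e92eb84c67c184740c2e6f70c8be7",
}
C2_SMTP_HOST = "mail.saamaygroup.com"   # from the extracted AgentTesla config
C2_SMTP_PORT = 587

# Constructed Zeek-style log excerpts (tab separated, header first). Not real traffic.
SAMPLE_DNS_LOG = """\
ts\tid.orig_h\tquery\tanswers
1653140000.1\t10.0.0.15\tmail.saamaygroup.com\t203.0.113.10
1653140001.2\t10.0.0.22\twww.example.com\t93.184.216.34
"""
SAMPLE_CONN_LOG = """\
ts\tid.orig_h\tid.resp_h\tid.resp_p\tproto\tservice
1653140002.0\t10.0.0.15\t203.0.113.10\t587\ttcp\tsmtp
1653140003.5\t10.0.0.22\t93.184.216.34\t443\ttcp\tssl
1653140004.0\t10.0.0.31\t203.0.113.10\t25\ttcp\tsmtp
"""
# Constructed file inventory, shaped like an EDR or FIM export: (path, algorithm, digest).
SAMPLE_INVENTORY = [
    (r"C:\Users\victim\Downloads\long overdue statement.exe", "sha256",
     "afd0f03e321e33d0651d4a3e7c8c3da6e2fb3407fcda6bfc1fcbca5f78a6ae5d"),
    (r"C:\Users\victim\AppData\Local\Temp\stage.exe", "md5",
     "9E473F377A63AE2604CABD99740124FE"),   # upper case on purpose: matching must be case-insensitive
    (r"C:\Windows\System32\notepad.exe", "sha256", "0" * 64),
]


def parse_tsv(text):
    """Parse a tab-separated log excerpt with a header row into dicts."""
    return list(csv.DictReader(io.StringIO(text), delimiter="\t"))


def resolved_c2_ips(dns_rows, host=C2_SMTP_HOST):
    """Addresses the C2 hostname resolved to. Pivoting through DNS catches the
    connection even when the SMTP session is not labelled as such (e.g. STARTTLS)."""
    return {r["answers"] for r in dns_rows if r["query"].lower() == host.lower()}


def match_smtp_c2(conn_rows, dns_rows):
    """Source hosts that talked to a resolved C2 address, split by whether they
    used the port from the extracted config. Operators change ports between
    builds, so traffic to the same server on another port is still reported."""
    c2_ips = resolved_c2_ips(dns_rows)
    on_port, other_port = set(), set()
    for r in conn_rows:
        if r["id.resp_h"] not in c2_ips:
            continue
        bucket = on_port if int(r["id.resp_p"]) == C2_SMTP_PORT else other_port
        bucket.add(r["id.orig_h"])
    return {"configured_port": sorted(on_port), "other_port": sorted(other_port)}


def match_hashes(inventory):
    """Paths whose digest matches one of the report's hashes, any algorithm."""
    hits = []
    for path, algo, digest in inventory:
        digest = digest.lower()
        if (algo == "sha256" and digest in IOC_SHA256) or (algo == "md5" and digest in IOC_MD5):
            hits.append(path)
    return hits


if __name__ == "__main__":
    dns = parse_tsv(SAMPLE_DNS_LOG)
    conn = parse_tsv(SAMPLE_CONN_LOG)
    print("C2 resolved to:", resolved_c2_ips(dns))
    print("SMTP C2 contact:", match_smtp_c2(conn, dns))
    print("Hash hits:", match_hashes(SAMPLE_INVENTORY))
```

Two caveats worth keeping in mind when reusing this: port 587 submission normally negotiates STARTTLS, so the stolen data itself will not be visible to a network sensor and the DNS/connection pivot is the reliable signal; and the hashes only identify these two files, so a repacked build of the same stealer will be missed by the inventory check but still caught by the mail-server indicator as long as the operator keeps the same account.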