General
Target: 1d1930b4be3bc85d063e73b39d9a60695b8ce8d2f90ec79cc737f130e909eae6
Size: 402KB
Sample: 220521-ntdnpshbgr
MD5: 80ddf7d6d03f7d08b0c6cf3ea99477f2
SHA1: 41e3ad8569fbebfc6a40cbce722bd1007f08907d
SHA256: 1d1930b4be3bc85d063e73b39d9a60695b8ce8d2f90ec79cc737f130e909eae6
SHA512: 54285ada9e310efa67410f7312f13d8e2579830a69e8782d12255d2251b4a1c5b44e569c444f1baf4e07cb5b1b56fc2f2113c79d329d6a2944fd577d2698af14
Static task: static1
Behavioral task: behavioral1
Sample: ggggdrdg.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: ggggdrdg.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.mkkarakosemobilya.com
Port: 587
Username: mahmut@mkkarakosemobilya.com
Password: MKkkmbly@2019
Targets
Target: ggggdrdg.exe
Size: 604KB
MD5: c563a1a2b846b84d781e7affbcf10988
SHA1: c0ea2727bf4978444f146dd8240bb06f4838c465
SHA256: e0d1c1f7fd8a8d07882ceeb4d681f9ff2b36912e9b0a8b182b3252599c2ea699
SHA512: 78f4ab5f22782142f966fb5555b7fc32e28333a8c6dc843a0283ae29c423cfc95ce8ec8e712a4c688c7dcde2c03c7f2e95d03c28f5ca42945433b0a37ca0b436
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext