General
-
Target
8a2fcf39d063a677651788eb6c50d8b8afbf9cd779f9b4bb30489ab6632ae79e
-
Size
325KB
-
Sample
220521-nxyhaahddl
-
MD5
025da2766c67a99ecc9be93fc9dc5094
-
SHA1
db7c12176c2451b76f38d32b893ad103543f2b29
-
SHA256
8a2fcf39d063a677651788eb6c50d8b8afbf9cd779f9b4bb30489ab6632ae79e
-
SHA512
8a7596557b8797de6e2356f3c3d7ad88125c0dcaca0db11cb9ccbe307a474b47b827ac8862725ed160fd5a1de03e99b8fd10b01359036868f137a62f7c51301e
Static task
static1
Behavioral task
behavioral1
Sample
Export Documents (3).exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Export Documents (3).exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.saamaygroup.com
Port: 587
Username: ashimdutta@saamaygroup.com
Password: pawan100
Targets
-
-
Target
Export Documents (3).exe
-
Size
379KB
-
MD5
610f554a3f2be23144dabbf8071dc6cc
-
SHA1
b7fe05e6b16b8a9be9b1b6afbe080f91ba6aaa84
-
SHA256
c9068274125d74f39ca0d4833d18cdc22f24676ed7c10ada30399e02ed4d4fc4
-
SHA512
ee55296bcb9da951015c43d6a9273f12997b62f24a85f368b8eaac105ee619f017193e1682938cb22860597c8c02e5dee73e4a2a314290c1091d9d57a1e902cf
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-