General
Target: f90a42ec706dccec4f27fa3f3a7cf08443ddd67c9a919249f886ad7d59f65c52
Size: 1.5MB
Sample: 220521-nyd52ahdfk
MD5: 70d48d214ab85e557e6937234f6f54ec
SHA1: 08b491055a84ac87be53103f07551cec611d1441
SHA256: f90a42ec706dccec4f27fa3f3a7cf08443ddd67c9a919249f886ad7d59f65c52
SHA512: 7dedc5f35f34999ffeda7a9380327d6c6e075653f82b544b2d0edf04ba5a11c8b42d0a41d5711e7ec503e48a240221ef230f47276217b902a509466b8c0aec39
Static task: static1
Behavioral task: behavioral1
Sample: PO 59116.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PO 59116.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: PO 59116.exe
Size: 4.5MB
MD5: 4e76414c1fd03feb827a6559827996ca
SHA1: 5bb2d31ec3439cd92b0059c791624cec9e2a5f3d
SHA256: cea8cae444dd5dadf01c31def4681b170907b97e0cfb468a9ff317ce7ae736a3
SHA512: 1c23c1af05027ecf1de0d8c09417019d82108fe6de657d7881c05c9ea554b818fb900fd267dcc495e4ed48b8f00cd4567023d91348a6ec10ef449649eef77c3f
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Modifies WinLogon for persistence
-
AgentTesla Payload
-
Drops startup file
-
Adds Run key to start application
-