General
- Target: 018506d82dc892d23c3b3bec9f81044d040dd6f3c04839acba081713f1576d14
- Size: 348KB
- Sample: 220521-pc4n8sacdj
- MD5: 0c48cc845206d07d493a675eb5fc4669
- SHA1: 17927aed76162834c6284df27c7f7b3c9ac9b4c9
- SHA256: 018506d82dc892d23c3b3bec9f81044d040dd6f3c04839acba081713f1576d14
- SHA512: fe68bdf920686c66e1479b520d6e4201e042db61c737130a83abe0e0532669b7326ce81d6c1c69da051a0f2375480743307928c2cb3d663db1ce7a5412bc3b0f
Static task: static1
Behavioral task: behavioral1
- Sample: long overdue statement (3).exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: long overdue statement (3).exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.saamaygroup.com
- Port: 587
- Username: ashimdutta@saamaygroup.com
- Password: pawan100
Targets
- Target: long overdue statement (3).exe
- Size: 401KB
- MD5: f2f2039a030460a562bd6fd7129775af
- SHA1: cd6724348219200752f3e06da09556e690e1abef
- SHA256: 12b8f1b224e66e7fcae47229c008f04c435cbc98dff24c4a4092a80f26b67924
- SHA512: e3f6fdb31858ecf6e72b6a5979767472163994f706ca7951a22f0be20f630a01ec10f37f1c336a1520089621029bcfdc8ae9d70e7dbba03fbea3c0cb09476165
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext