General

Target: 6eb7b74ec39eea1a0b9f4aa7e956b1cee9fbd96d4b7cc909de553c6b7b8d5d27
Size: 622KB
Sample: 220521-pkjn2aaffn
MD5: 1e979d7d9a3881fc0a2d6a8dffc70e11
SHA1: 5da5c43c7002484496379714bbbc0933a38ea1f0
SHA256: 6eb7b74ec39eea1a0b9f4aa7e956b1cee9fbd96d4b7cc909de553c6b7b8d5d27
SHA512: 507bbd216ea4e2c1bf4de9b5ee94111185986b1fd0684b1e3d12107255551eaa62e64f7565640ca36e68ed1e5cfd9de6cff2727c407b706693eea6b061ffc860
Static task: static1

Behavioral task: behavioral1
Sample: PO3340-22052020.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: PO3340-22052020.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.impressindia.net
Port: 587
Username: zip@impressindia.net
Password: !,tR}%PDdI0N
Targets

Target: PO3340-22052020.exe
Size: 544KB
MD5: 35c5e71f48be7d9def690629f4ccd29f
SHA1: e0220c136536a09798dcbe6ba3149359a6b05939
SHA256: 2a4abd200745105770d74dbf311c5c1b4cfff4ce743cadd3d0cce2060648a119
SHA512: da227731023ff11bb9ea4e391ebfcf27fb83e52cfefd9ea58fbeb3d632bc56bf751c684e4f6c8ec6feb2c7a47df1a3256b07798156bf7af5476ed15f6d0afaa6
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext