General
Target: ee575d62f189501bdf9f55b1a12c5ca57c991b16a0c9e7fc81aad01d32c8888f
Size: 384KB
Sample: 220521-prjbvafhb7
MD5: 29fbd1ae6b42503cd2d0121ead2bd341
SHA1: dd71986a1379f8e8e465308522bbb76e25b1dbe6
SHA256: ee575d62f189501bdf9f55b1a12c5ca57c991b16a0c9e7fc81aad01d32c8888f
SHA512: 081dce26fd0677d3344ed71b0fb02da46ce03390802b5cba181f354315a9357ee9ed3fcdd1ac4153039fb5dff97b85f2371fe15b02b3e918d23a34c721e7aabd
Static task: static1
Behavioral task: behavioral1
  Sample: Export Documents (2).exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Export Documents (2).exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.saamaygroup.com
Port: 587
Username: ashimdutta@saamaygroup.com
Password: pawan100
Targets
Target: Export Documents (2).exe
Size: 417KB
MD5: 0657f318a479e4ef02b4eb081ae1f8a4
SHA1: dbb0026898b304f2b90347e9240a9a39514a4936
SHA256: be21fe83f9230cc17ae46dc93ef917972b39f41da97ee9dfcd75099fc1b2b65d
SHA512: 7fec8f109d68b7b3ad1f76b3aef53ff02b37258d028b0f4ecbb748821f9b128308fc6094cbb403e787bbc71219c4f03ce9d028bc6c793b362c3a2f42c2f59506
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext