General
- Target: 45e9ef55ba8715da89c642ebb8e82dc7936ef5b95c9bcaea8e0970780feb6bfa
- Size: 384KB
- Sample: 220521-pxkrvsbdbr
- MD5: 1b9ae752d119f7dda7d05ad9f47c5a8c
- SHA1: 54bccbfc28d0b2fb2f22d21bd1baffa8262d7dea
- SHA256: 45e9ef55ba8715da89c642ebb8e82dc7936ef5b95c9bcaea8e0970780feb6bfa
- SHA512: 86d4336d811bc161e0378237ff88a22ef1234dfd6dde6e32e2cf1e951288d191083b9d16116b4a809ee2ce25557f073b5f2c21034f6f8e072a09296490ea2f3c
Static task
- static1

Behavioral task
- behavioral1
  - Sample: Term and Conditions-.exe
  - Resource: win7-20220414-en

Behavioral task
- behavioral2
  - Sample: Term and Conditions-.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.saamaygroup.com
- Port: 587
- Username: ashimdutta@saamaygroup.com
- Password: pawan100
Targets
- Target: Term and Conditions-.exe
- Size: 417KB
- MD5: 0657f318a479e4ef02b4eb081ae1f8a4
- SHA1: dbb0026898b304f2b90347e9240a9a39514a4936
- SHA256: be21fe83f9230cc17ae46dc93ef917972b39f41da97ee9dfcd75099fc1b2b65d
- SHA512: 7fec8f109d68b7b3ad1f76b3aef53ff02b37258d028b0f4ecbb748821f9b128308fc6094cbb403e787bbc71219c4f03ce9d028bc6c793b362c3a2f42c2f59506
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext