General
-
Target
40a48007e9bc524140d372814fcd7e03cbb2edd0689d03b4efe91aeefe7b7acd
-
Size
364KB
-
Sample
220521-pxrkeagbd4
-
MD5
17a7442de0c8ba25ceb7aaeb4a0c6610
-
SHA1
cf133f9a3a49567f3591734b250839043bd7d31d
-
SHA256
40a48007e9bc524140d372814fcd7e03cbb2edd0689d03b4efe91aeefe7b7acd
-
SHA512
e8e78d15a0ea3c819cce6961dc7117402b1db155f7ef74530d30a4b0df1f1135dd96f28e9c4452d2f4e348fb341f33daff4002e378e9ca2687cd339c7ed2039f
Static task
static1
Behavioral task
behavioral1
Sample
POs 097663899 NEW ORDER.r.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
POs 097663899 NEW ORDER.r.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.parshavayealborz.com - Port:
587 - Username:
info@parshavayealborz.com - Password:
P@rshava123456
Targets
-
-
Target
POs 097663899 NEW ORDER.r.exe
-
Size
399KB
-
MD5
610a2a3c8ff25649bb8d64f028d657fe
-
SHA1
939d2ffc7e123a061c3ecae244f618f2303c8d29
-
SHA256
eea3d6de7952101ff57da6f48ea85ecdbaf71bf5027d0d20478021d842a21101
-
SHA512
2d0ab260a7bb2a04a6bb40b68b8d67f8444eaee650d5204b1dd92b2541e4241085cb01e802a73c9d6bc41af33c1b7591b5736bcc0253c247964e2c53ed7c62ba
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-