General
Target: Term and Conditions-.exe
Size: 417KB
Sample: 200630-m1dlk5j172
MD5: 0657f318a479e4ef02b4eb081ae1f8a4
SHA1: dbb0026898b304f2b90347e9240a9a39514a4936
SHA256: be21fe83f9230cc17ae46dc93ef917972b39f41da97ee9dfcd75099fc1b2b65d
SHA512: 7fec8f109d68b7b3ad1f76b3aef53ff02b37258d028b0f4ecbb748821f9b128308fc6094cbb403e787bbc71219c4f03ce9d028bc6c793b362c3a2f42c2f59506
Static task: static1
Behavioral task: behavioral1
  Sample: Term and Conditions-.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: Term and Conditions-.exe
  Resource: win10v200430
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.saamaygroup.com
Port: 587
Username: ashimdutta@saamaygroup.com
Password: pawan100
Targets
Target: Term and Conditions-.exe
Size: 417KB
MD5: 0657f318a479e4ef02b4eb081ae1f8a4
SHA1: dbb0026898b304f2b90347e9240a9a39514a4936
SHA256: be21fe83f9230cc17ae46dc93ef917972b39f41da97ee9dfcd75099fc1b2b65d
SHA512: 7fec8f109d68b7b3ad1f76b3aef53ff02b37258d028b0f4ecbb748821f9b128308fc6094cbb403e787bbc71219c4f03ce9d028bc6c793b362c3a2f42c2f59506
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Drops file in Drivers directory
Adds Run key to start application
Suspicious use of SetThreadContext