General
- Target: PZS-172.exe
- Size: 413KB
- Sample: 200630-wsaan6zgr6
- MD5: 38beb7c3620d7fa183fef226aa284725
- SHA1: 92048b0233855abd8098e3c049a981adc318e1f9
- SHA256: 3b99fe9fd560fbfa948a5c5e0ab90281a0a75eed2615a7378b0bc6bd82e33a8a
- SHA512: 1ce87934f9775012352f883d4f460ac45548803782c6929adf3e5c9648d3157e4916e37611b75c1423e24cca90efc83d004692e1118311b0d617a362ae681e03
Static task: static1
Behavioral task: behavioral1 (Sample: PZS-172.exe, Resource: win7)
Behavioral task: behavioral2 (Sample: PZS-172.exe, Resource: win10v200430)
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.mybutler.in
- Port: 587
- Username: sundeep@mybutler.in
- Password: peed@2018
Targets
- Target: PZS-172.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext