General
- Target: STATEMENTS AND OUTSTANDING AMOUNTS.exe
- Size: 573KB
- Sample: 200713-327vzlmpzx
- MD5: 457de5690dbc92ae0e5e936846695dd6
- SHA1: 982c5af6b7784831bd9a28798142417358f2fec8
- SHA256: f56840640186247deee56a36d22de91915a650be338be46de501c9a6ec67d4ea
- SHA512: d0cb7e61aa3b01a45d29122a08318d453ea4f576942dbb1978e55b443a921e8af32f2cfc775d7afe65c130c550ef85005f92adb4e593df9231e00ca82653f5cd
Static task: static1
Behavioral task: behavioral1
- Sample: STATEMENTS AND OUTSTANDING AMOUNTS.exe
- Resource: win7
Behavioral task: behavioral2
- Sample: STATEMENTS AND OUTSTANDING AMOUNTS.exe
- Resource: win10v200430
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.varda.com.tr
- Port: 587
- Username: [email protected]
- Password: varda9997929
Targets
- Target: STATEMENTS AND OUTSTANDING AMOUNTS.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext