General

Target: COPY-SCANB840284-IMG-2020-13-02-DOCUMENT-PDF.exe
Size: 461KB
Sample: 201109-7p6mxbz6r2
MD5: 2f6432c5af8d10b04caed90d410ec7ad
SHA1: 4b1fc10818dd534922feef4d521eb3574337e3c0
SHA256: 094fd325049b8a9cf6d3e5ef2a6d4cc6a567d7d49c35f8bb8dd9e3c6acf3d78d
SHA512: ce04cb02a8abd991327487a2f70014739d4f244930caa95f5246dd5925624c54e3c5abb3e0efb6c8944be379b393f5556ae203ad8f752913bedea3ec8574ef6e
Static task: static1

Behavioral task: behavioral1
Sample: COPY-SCANB840284-IMG-2020-13-02-DOCUMENT-PDF.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: COPY-SCANB840284-IMG-2020-13-02-DOCUMENT-PDF.exe
Resource: win10v20201028
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.technomatic.in
Port: 587
Username: [email protected]
Password: coordinator4@123
Targets

Target: COPY-SCANB840284-IMG-2020-13-02-DOCUMENT-PDF.exe
Size: 461KB
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

- AgentTesla Payload
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext