General
Target: scan copy-001.exe
Size: 1.1MB
Sample: 210111-wy9jffj8kn
MD5: e5f75d96fdbd9b2edf0623ca56e60a84
SHA1: 93e0f48621b5550f72869c371796f2c04be9d8fb
SHA256: 22a1bf1796ab58532e00602c90341a0e095f752c646c3614a115ede18c91f3cf
SHA512: 3191abf781821c47d1e7a8d1acbc8ddab9147074d49a77566bf6e708b285c643084b14900fc378fc931bd2362e3de2a45e6b3e7afe7c1d8676159fda8e228540
Static task: static1
Behavioral task: behavioral1 (Sample: scan copy-001.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: scan copy-001.exe, Resource: win10v20201028)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.chestronic.com
Port: 587
Username: [email protected]
Password: 8$@oJ?OGP~ge
Targets
Target: scan copy-001.exe
Score: 10/10
Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext