General
Target: 4600031748.exe
Size: 882KB
Sample: 210112-kzynae63n6
MD5: e29fafaed21c58905689f0d9f7bf2dba
SHA1: 59f26886bbce1015d739454ff01871c8042b851c
SHA256: 46772fa62adcf19046021fb7b7aeea00fd927e135156d9c89b5e2492f6e6cf3c
SHA512: 8145257789f9a5a36d19a16f07b5823a809bf5dd7c9703d52e096b9450e305bf0768f04e46bb4678c7481d5ee5064ffe227ec0b41af3489d2cb3d6fd81d52959
Static task: static1
Behavioral task: behavioral1
Sample: 4600031748.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 4600031748.exe
Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.chestronic.com
Port: 587
Username: [email protected]
Password: 8$@oJ?OGP~ge
Targets
Target: 4600031748.exe
Size: 882KB
MD5: e29fafaed21c58905689f0d9f7bf2dba
SHA1: 59f26886bbce1015d739454ff01871c8042b851c
SHA256: 46772fa62adcf19046021fb7b7aeea00fd927e135156d9c89b5e2492f6e6cf3c
SHA512: 8145257789f9a5a36d19a16f07b5823a809bf5dd7c9703d52e096b9450e305bf0768f04e46bb4678c7481d5ee5064ffe227ec0b41af3489d2cb3d6fd81d52959
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext