General
- Target: 4600031748.exe
- Size: 1.1MB
- Sample: 210113-3xvpqsfk1n
- MD5: 201b4d62ac730c8aa790d6958fd36def
- SHA1: f47fb5d4ca3a442f7f8f442e47e1297d2304da69
- SHA256: 5b7c7d4bf17521dddc7ee1accfee37d1b50e89f634e7c67439ae92dcef4c32e3
- SHA512: f2857f1ea47c58a5571f17e2c78bed6bf67b5580d81a2892f676304206d17ebf216c0823d5ab99cf34726ada1e0c43b899b92f4de61a0762be6c5e712bdcf429
Static task
- static1

Behavioral task
- behavioral1
- Sample: 4600031748.exe
- Resource: win7v20201028

Behavioral task
- behavioral2
- Sample: 4600031748.exe
- Resource: win10v20201028
Malware Config
Extracted family: agenttesla
- Protocol: smtp
- Host: mail.chestronic.com
- Port: 587
- Username: sales2@chestronic.com
- Password: 8$@oJ?OGP~ge
Targets
- Target: 4600031748.exe
- Size: 1.1MB
- MD5: 201b4d62ac730c8aa790d6958fd36def
- SHA1: f47fb5d4ca3a442f7f8f442e47e1297d2304da69
- SHA256: 5b7c7d4bf17521dddc7ee1accfee37d1b50e89f634e7c67439ae92dcef4c32e3
- SHA512: f2857f1ea47c58a5571f17e2c78bed6bf67b5580d81a2892f676304206d17ebf216c0823d5ab99cf34726ada1e0c43b899b92f4de61a0762be6c5e712bdcf429
Score: 10/10

Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext