General
Target: a35495ca447272d3acd4164b73c1f6e881bd0dc854f7953b4047dc79d273c268
Size: 296KB
Sample: 210121-6kgvta1z36
MD5: f90f7228f33accb6b44274c6c07cf511
SHA1: 5cad49a1dd5da9f40bc490170546132680ccb2a2
SHA256: a35495ca447272d3acd4164b73c1f6e881bd0dc854f7953b4047dc79d273c268
SHA512: 994d2a8560d384808fedb536c5ba273b9fc8e448908acdd94fde2d36324b0ed07df68603d1a8e4c0db4bad1ca1146621224ae4df8d9900e7439d733fa95b675d
Static task: static1
Behavioral task: behavioral1
Sample: a35495ca447272d3acd4164b73c1f6e881bd0dc854f7953b4047dc79d273c268.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: a35495ca447272d3acd4164b73c1f6e881bd0dc854f7953b4047dc79d273c268.exe
Resource: win10v20201028
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: paola.micheli@copangroup.xyz
Password: gibson.1990
Targets
Target: a35495ca447272d3acd4164b73c1f6e881bd0dc854f7953b4047dc79d273c268
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext