General
Target: SecuriteInfo.com.Variant.Zusy.363976.7571.11063
Size: 625KB
Sample: 210126-ml3a8ktmlx
MD5: b94f6fe6c0a12f51cefa10222036b2e8
SHA1: b47a296f3044b5bb5a1e8f5306ad5687067289c9
SHA256: c2c6013ed703c379c923c39bea006e32b5b27f6c4145f2d219665a190e493971
SHA512: d70b471da3a745ec981003d4ade776a71eb9870eecb649f9055929ec0ea0bbff900c95064047fe1b65d59470a30269c23496a6c66895f86e7a51b25afc4e71e6
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Variant.Zusy.363976.7571.11063.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Variant.Zusy.363976.7571.11063.exe
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.shreejilogistix.com
Port: 587
Username: [email protected]
Password: ZHNecv9PfHk2
Targets
Target: SecuriteInfo.com.Variant.Zusy.363976.7571.11063
Size: 625KB
MD5: b94f6fe6c0a12f51cefa10222036b2e8
SHA1: b47a296f3044b5bb5a1e8f5306ad5687067289c9
SHA256: c2c6013ed703c379c923c39bea006e32b5b27f6c4145f2d219665a190e493971
SHA512: d70b471da3a745ec981003d4ade776a71eb9870eecb649f9055929ec0ea0bbff900c95064047fe1b65d59470a30269c23496a6c66895f86e7a51b25afc4e71e6
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Adds Run key to start application
Suspicious use of SetThreadContext