General

Target: PI#167213.exe
Size: 745KB
Sample: 210225-496tbrrm9n
MD5: 9001412fdd41d6a89f4f58203baac126
SHA1: 1a09816ca58a3bf17ee945f898e4b659d7de58d9
SHA256: 63bea72f61d1ff638621a44d1d7328045bfa6c748549ea9637059dfca6821420
SHA512: 69f935d9f9df309158fb667d1ef57b18f12b9c172347beba0e3f8b563bb280f1c410c8c05b7f1727a57fdf51c37edcefb70891ee21f696705204b34c3a8595f2
Static task: static1
Behavioral task: behavioral1 (Sample: PI#167213.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: PI#167213.exe, Resource: win10v20201028)
Malware Config

Extracted family: agenttesla
Protocol: smtp
Host: webmail.shyamindofab.com
Port: 587
Username: [email protected]
Password: anurag#$486

The extracted configuration is the exfiltration channel: stolen data is sent as mail through this SMTP submission server (port 587) with the listed mailbox credentials. Treat the host and the credentials as indicators; do not authenticate to the server with them.
Targets

Target: PI#167213.exe
Size: 745KB
MD5: 9001412fdd41d6a89f4f58203baac126
SHA1: 1a09816ca58a3bf17ee945f898e4b659d7de58d9
SHA256: 63bea72f61d1ff638621a44d1d7328045bfa6c748549ea9637059dfca6821420
SHA512: 69f935d9f9df309158fb667d1ef57b18f12b9c172347beba0e3f8b563bb280f1c410c8c05b7f1727a57fdf51c37edcefb70891ee21f696705204b34c3a8595f2
Score: 10/10

AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; this sample's extracted configuration exfiltrates over SMTP (see Malware Config above).
- AgentTesla Payload
- Uses the VBS compiler for execution: the signature fires on execution of vbc.exe, the .NET Visual Basic compiler (not VBScript), a legitimate signed binary commonly used as the host process for an injected payload.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP. On its own this is a weak indicator, since legitimate software does the same; it is useful when correlated with the SMTP traffic to the exfiltration host.
- Suspicious use of SetThreadContext: calling SetThreadContext on a thread of another process is the step that redirects that process to injected code. Together with the vbc.exe launch, this is consistent with process hollowing of vbc.exe.
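The network behaviour above (external-IP lookup followed by SMTP submission to webmail.shyamindofab.com:587) gives a usable correlation rule. The following is an added example, not code from the report or the sandbox vendor: it loads the report's hashes and exfil host as indicators, then runs the correlation over constructed, simplified connection-log lines. The IP-lookup host names and the log format are assumptions for illustration; the report does not name the lookup service the sample used.

```python
"""
Added example (not part of the sandbox report): correlate the report's
indicators against constructed connection-log lines.

Rule: a host that queries an external-IP lookup service and, within a short
window, opens an SMTP submission session (587) to the exfil host is flagged
as "ip-lookup then smtp exfil". Any contact with the exfil host on 587 is
flagged on its own, since the host itself is an indicator.
"""
import hashlib
import re
from collections import defaultdict

# Indicators taken from the report (username/password deliberately omitted).
SAMPLE_HASHES = {
    "md5": "9001412fdd41d6a89f4f58203baac126",
    "sha1": "1a09816ca58a3bf17ee945f898e4b659d7de58d9",
    "sha256": "63bea72f61d1ff638621a44d1d7328045bfa6c748549ea9637059dfca6821420",
}
EXFIL_HOST = "webmail.shyamindofab.com"
EXFIL_PORT = 587

# ASSUMPTION: a hypothetical list of public IP-lookup services. The report only
# says "a legitimate IP lookup service"; extend this to what your proxy sees.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com"}

# Constructed sample log in a simplified "ts src_host proto dst_host dst_port"
# format (not real telemetry). WKS-042 shows the report's pattern; WKS-017 is
# ordinary mail submission to the corporate relay; WKS-099 only does a lookup.
SAMPLE_LOGS = """\
1614240001 WKS-042 http api.ipify.org 443
1614240003 WKS-042 tcp webmail.shyamindofab.com 587
1614240010 WKS-017 tcp mail.corp.example 587
1614240020 WKS-099 http api.ipify.org 443
this line is malformed and is skipped
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)$")


def parse_line(line):
    """Parse one constructed log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, proto, dst, port = m.groups()
    return {"ts": int(ts), "src": src, "proto": proto, "dst": dst, "port": int(port)}


def find_exfil_hosts(log_text, window=300):
    """Map source host -> verdict for hosts that reached the exfil server.

    A lookup alone is not reported: legitimate software performs the same
    request, so the lookup only raises confidence when followed by the
    SMTP connection within `window` seconds.
    """
    lookups = defaultdict(list)   # src host -> timestamps of IP lookups
    verdicts = {}
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    for e in events:
        if e["dst"] in IP_LOOKUP_HOSTS:
            lookups[e["src"]].append(e["ts"])
        if e["dst"] == EXFIL_HOST and e["port"] == EXFIL_PORT:
            recent = [t for t in lookups[e["src"]] if 0 <= e["ts"] - t <= window]
            verdicts[e["src"]] = ("ip-lookup then smtp exfil" if recent
                                  else "smtp to exfil host")
    return verdicts


def matches_sample(data):
    """True only if `data` hashes to the report's SHA256 (MD5 checked as well)."""
    return (hashlib.sha256(data).hexdigest() == SAMPLE_HASHES["sha256"]
            and hashlib.md5(data).hexdigest() == SAMPLE_HASHES["md5"])


if __name__ == "__main__":
    for host, verdict in find_exfil_hosts(SAMPLE_LOGS).items():
        print(f"{host}: {verdict}")
```

Only WKS-042 is reported: the corporate relay on WKS-017 is not the exfil host, and WKS-099's lookup without a following SMTP session stays unreported by design. To use this against real telemetry, replace the constructed format with your proxy and firewall fields and widen IP_LOOKUP_HOSTS to the services actually observed.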