General
Target
Delivery Note Awd - 3748489443-93878300273.exe
Size
534KB
Sample
210226-37tkn2j696
MD5
c09f8ef8861ed247635c25d80444cebe
SHA1
950bc20f2d52391849807e423c38f392fe609cd8
SHA256
9c0bc02f53fe2d0a3a347e2306a1ac7b4a5c80bb9332f0ae1734126e78df2596
SHA512
6cbbe57113ce31ca131e84c3a1a3112f558e450af1bfbc2ccf5e32b4d6449f21f18c6e4dc4a44d2216717e8fe98a2ad9f738f6048ccc8efdc7a93d38513f8991
Static task
static1
Behavioral task
behavioral1
Sample
Delivery Note Awd - 3748489443-93878300273.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Delivery Note Awd - 3748489443-93878300273.exe
Resource
win10v20201028
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.curidesigner.com/
Port: 21
Username: [email protected]
Password: boygirl123456
Targets
Target
Delivery Note Awd - 3748489443-93878300273.exe
Score
10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext