General
Target: EQUIPMENT MATERAILS NEEDED.zip
Size: 452KB
Sample: 210226-4gc7ywga1s
MD5: db448fc9a96735150b08f0909b5b6766
SHA1: 712def85475c3b91076368d9440deb9e0d234e79
SHA256: ec36e2f0bb4c381d042bb6f5cca501dd8a8c6819466b7997a7aa3c8bb82ea020
SHA512: 4c484fdf946daf0c61062e1459b22b1ad638553efc418296dd90cd1067fd0f0916cf85534c3a363617f353d1230dc23412aadce3e1033305ef8c0d681f9e4f2e
Static task: static1
Behavioral task: behavioral1
Sample: EQUIPMENT MATERAILS NEEDED.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: EQUIPMENT MATERAILS NEEDED.exe
Resource: win10v20201028
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.twu-info.us
Port: 587
Username: [email protected]
Password: L@ywYdM6
Targets
Target: EQUIPMENT MATERAILS NEEDED.exe
Size: 765KB
MD5: 39c394bba15fb14020e2d939ba91d957
SHA1: db372cb164a8b984a9939058f024e901cbe00f81
SHA256: 4b42e00e660b8642f39a05d3b054ee060274b88fb11cb15f2e97b27daaac9efd
SHA512: f137fc9b1319dfac598123591fa74bcb6a46598ef70302265ef683e77e3ec6e70fdba463d4ddfaa2cb19e4670ffd9c05e2c35bdbde2ce8229553ec61c191c845
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Adds Run key to start application
Suspicious use of SetThreadContext