General
Target: EQUIPMENT MATERAILS NEEDED.exe
Size: 765KB
Sample: 210226-5pp3q8sra2
MD5: 39c394bba15fb14020e2d939ba91d957
SHA1: db372cb164a8b984a9939058f024e901cbe00f81
SHA256: 4b42e00e660b8642f39a05d3b054ee060274b88fb11cb15f2e97b27daaac9efd
SHA512: f137fc9b1319dfac598123591fa74bcb6a46598ef70302265ef683e77e3ec6e70fdba463d4ddfaa2cb19e4670ffd9c05e2c35bdbde2ce8229553ec61c191c845
Static task: static1
Behavioral task: behavioral1
Sample: EQUIPMENT MATERAILS NEEDED.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: EQUIPMENT MATERAILS NEEDED.exe
Resource: win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.twu-info.us
Port: 587
Username: [email protected]
Password: L@ywYdM6
Targets
Target: EQUIPMENT MATERAILS NEEDED.exe
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Adds Run key to start application
Suspicious use of SetThreadContext