General
- Target: IMG-68765678765456765445678-678987.exe
- Size: 369KB
- Sample: 210226-mkvtw88c3e
- MD5: baca83a05dacc73e51e87368f80c3dc6
- SHA1: 7e901954ace906e16fcfc717f089da7567804908
- SHA256: 60c9b4a4d205c0eefbc2d78ac2bb5cb40a08a4be11dd61f9155f27287b3fbc57
- SHA512: 524f1da98d1093bfa720f262c1adab062f30feff29a399d8d513d188e340245615e684267a820259150734099c2f59cbbe53b9bf37552c67dccbdf9c832c8c38
Static task: static1
Behavioral task: behavioral1
- Sample: IMG-68765678765456765445678-678987.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: IMG-68765678765456765445678-678987.exe
- Resource: win10v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.akhnudoff.com
- Port: 587
- Username: nsuleymanov@akhnudoff.com
- Password: shirtmachine123
Targets
- Target: IMG-68765678765456765445678-678987.exe
- Size: 369KB
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext