General
Target: IMG-47654567876543456787657890987345.exe
Size: 274KB
Sample: 210226-z9cj2zgfz2
MD5: 17b5014f0b9875f2cf694c601fd3d092
SHA1: affa28ff460616aa8d8764c787629ff2062b5214
SHA256: f08b8e11e1ee6582dfc17700abef3791e34b3f0cdfc040a74c1ae3e814e6464d
SHA512: 3854a683876384201a7c5d4c5afbdf1722aa49a370562634d29b3386709eb195912df387eebacd7f81678a5bd2e045fad3f3e2cd90e6313d27b4f3d5afcd9334
Static task: static1
Behavioral task: behavioral1
Sample: IMG-47654567876543456787657890987345.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: IMG-47654567876543456787657890987345.exe
Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.akhnudoff.com
Port: 587
Username: [email protected]
Password: shirtmachine123
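The extracted configuration is the most actionable artefact on this page: the sample mails stolen data to smtp.akhnudoff.com on port 587 over an authenticated SMTP session, so the host is a network indicator worth searching for immediately. As an added example, not part of the sandbox report, the following Python parses a config line in the "Key: value - Key: value" form the report renders it in (tolerating the missing space before the separator that the page shows) and then scans egress log lines for connections to the exfil host. The log format and the log lines themselves are constructed for the example; the username is left redacted exactly as it appears on the page.

```python
"""Turn the extracted Agent Tesla SMTP config into a detection over egress logs."""
import re
from dataclasses import dataclass
from typing import Iterable, List

# The Malware Config block of this report, as the sandbox renders it (" - " between
# fields). The username is redacted on the page and stays redacted here.
REPORT_CONFIG = (
    "Protocol: smtp - Host: smtp.akhnudoff.com - Port: 587 "
    "- Username: [email protected] - Password: shirtmachine123"
)

# Constructed egress/proxy log lines (not from the report): timestamp, source IP,
# destination host, destination port, protocol. Lines 2 and 3 reach the exfil host.
SAMPLE_EGRESS_LOG = """\
2021-02-26T12:01:05Z 10.0.4.23 outlook.office365.com 587 tcp
2021-02-26T12:01:09Z 10.0.4.23 smtp.akhnudoff.com 587 tcp
2021-02-26T12:02:40Z 10.0.4.51 smtp.akhnudoff.com 25 tcp
2021-02-26T12:03:12Z 10.0.4.23 update.microsoft.com 443 tcp
"""


@dataclass(frozen=True)
class ExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


# One "Key: value" field, ending at the next " - Key:" separator or at end of text.
# Whitespace around the separator is optional, so the page's "smtp- Host:" rendering
# parses the same as "smtp - Host:".
_FIELD = re.compile(r"(\w+):\s*(.*?)\s*(?=-\s*\w+:|$)")


def parse_config(text: str) -> ExfilConfig:
    """Parse a sandbox-style config line into a typed record; fail loudly if a field is absent."""
    fields = {k.lower(): v for k, v in _FIELD.findall(text.strip())}
    missing = {"protocol", "host", "port", "username", "password"} - fields.keys()
    if missing:
        raise ValueError(f"config is missing fields: {sorted(missing)}")
    return ExfilConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


@dataclass(frozen=True)
class Hit:
    timestamp: str
    src: str
    dst_port: int
    port_matches: bool  # False: right host, unexpected port; still worth triage


def find_exfil_attempts(log_lines: Iterable[str], cfg: ExfilConfig) -> List[Hit]:
    """Flag every connection to the configured exfil host.

    The port is recorded but not required for a hit: the same mailbox is reachable
    on 25/465/587, and a rebuilt sample may keep the host and change the port.
    """
    hits: List[Hit] = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # skip blank or malformed lines instead of failing the whole scan
        ts, src, dst_host, dst_port, _proto = parts[:5]
        if dst_host.lower().rstrip(".") == cfg.host:
            port = int(dst_port)
            hits.append(Hit(ts, src, port, port == cfg.port))
    return hits


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    for h in find_exfil_attempts(SAMPLE_EGRESS_LOG.splitlines(), cfg):
        kind = "exact" if h.port_matches else "host-only"
        print(f"{h.timestamp} {h.src} -> {cfg.host}:{h.dst_port} ({kind})")
```

Run against real data, the egress log would be a proxy, firewall or DNS log with the same fields; the host match is kept case-insensitive and tolerant of a trailing dot because resolver logs often record FQDNs that way. The second hit on port 25 is reported as host-only on purpose: a different port to the same mail server is a change in tradecraft, not a false positive.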
Targets
Target: IMG-47654567876543456787657890987345.exe
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT). It harvests saved credentials and keystrokes from the infected host and exfiltrates them over SMTP, FTP or HTTP; this sample is configured for SMTP, with the mail server and account shown under Malware Config.
Signatures matched:
- AgentTesla Payload
- Loads dropped DLL
- Adds Run key to start application (persistence through a Run registry value; the report does not name the key or value)
- Suspicious use of SetThreadContext (typically seen when a payload is written into a suspended process and its thread context is redirected, as in process hollowing)