General
Target: TWI-SHA 202102.rar
Size: 52KB
Sample: 210414-6xsjwhdsyj
MD5: 2d4a22b1391e4cd7150280bbbe1bdf7e
SHA1: 07bfcdcc7ec434fe45696626920d30ff9666f019
SHA256: 1cd53c7db5f180ba563a800ebfd7dfd44445dc21a3dcd89ed0ae60ea52ea184f
SHA512: 14b63173b21767554829a5feb141e0904afaa33065d1ad4c9e125afc8e6e5ae1ede5b9ddea42462c82512d2cdad0d886963826c292c60065f5b78a33a49bb82d
Static task
static1
Behavioral task
behavioral1
Sample
TWI-SHA 202102.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
TWI-SHA 202102.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: p.pisapia@simonetta-it.co
Password: HywxEue7
The extracted configuration is the sample's exfiltration channel: Agent Tesla sends stolen credentials and other collected data over authenticated SMTP to this mailbox, so the host, port and username are the indicators to alert on.
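The SMTP block above is exactly the kind of extracted configuration a detection engineer turns into indicators. The script below is an added example, not part of the sandbox report or of the Triage tooling: it parses the flattened "Key: value - Key: value" line as it appears on this page, derives the indicators worth alerting on (host, host:port, username; the password is deliberately excluded since it never appears in network metadata), and runs them over a few constructed firewall and SMTP-proxy log lines. Because SMTP AUTH LOGIN transmits the username base64-encoded on its own line, the scanner also decodes base64-looking tokens before matching. The log lines are constructed for the example; only the host, port and username come from the report.

```python
"""Indicators from the extracted Agent Tesla SMTP config, matched over logs.

Added example; not part of the sandbox report.  Log lines are constructed.
"""
import base64
import re
from dataclasses import dataclass

# The extracted config, flattened the way it appears on the report page.
EXTRACTED_CONFIG = (
    "Protocol: smtp- Host: us2.smtp.mailhostbox.com - Port: 587 "
    "- Username: p.pisapia@simonetta-it.co - Password: HywxEue7"
)

# Constructed sample log lines (not from the report): a firewall log and an
# SMTP proxy log.  Line 4 carries the username as SMTP AUTH LOGIN sends it.
SAMPLE_LOGS = [
    "2021-04-14T10:02:11Z fw allow src=10.0.0.23 dst=172.16.0.5:443 proto=tcp",
    "2021-04-14T10:02:15Z fw allow src=10.0.0.23 dst=us2.smtp.mailhostbox.com:587 proto=tcp",
    "2021-04-14T10:02:16Z smtp-proxy C: AUTH LOGIN",
    "2021-04-14T10:02:16Z smtp-proxy C: "
    + base64.b64encode(b"p.pisapia@simonetta-it.co").decode(),
    "2021-04-14T10:02:18Z fw allow src=10.0.0.23 dst=smtp.office365.com:587 proto=tcp",
]


def parse_extracted_config(text: str) -> dict:
    """Parse 'Key: value - Key: value' into a dict with lowercase keys.

    Fields are split only on a dash that is followed by another 'Key:' so
    that dashes inside values (e.g. 'simonetta-it.co') are preserved.
    """
    cfg = {}
    for field in re.split(r"\s*-\s*(?=[A-Za-z]+:\s)", text.strip()):
        key, _, value = field.partition(":")
        cfg[key.strip().lower()] = value.strip()
    return cfg


def indicators(cfg: dict) -> dict:
    """Ordered indicators; most specific first.  No password on purpose."""
    host = cfg["host"].lower()
    return {
        "endpoint": f"{host}:{cfg['port']}",
        "username": cfg["username"].lower(),
        "host": host,
    }


B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{8,}={0,2}")


def decoded_b64_tokens(line: str):
    """Yield ASCII decodings of base64-looking tokens in a log line."""
    for m in B64_TOKEN.finditer(line):
        try:
            raw = base64.b64decode(m.group(0), validate=True)
            text = raw.decode("ascii")
        except (ValueError, UnicodeDecodeError):
            continue  # not valid base64, or not printable text
        if text.isprintable():
            yield text


@dataclass
class Hit:
    line_no: int
    indicator: str
    line: str


def scan_logs(lines, cfg: dict) -> list:
    """Return one Hit per log line that matches an indicator."""
    ioc = indicators(cfg)
    hits = []
    for n, line in enumerate(lines, 1):
        low = line.lower()
        name = next((k for k, v in ioc.items() if v in low), None)
        if name is None:
            # Plain-text miss: try base64-decoded tokens (SMTP AUTH LOGIN).
            if any(t.lower() == ioc["username"] for t in decoded_b64_tokens(line)):
                name = "username (base64 AUTH LOGIN)"
        if name is not None:
            hits.append(Hit(n, name, line))
    return hits


if __name__ == "__main__":
    config = parse_extracted_config(EXTRACTED_CONFIG)
    for hit in scan_logs(SAMPLE_LOGS, config):
        print(f"line {hit.line_no}: {hit.indicator}: {hit.line}")
```

Matching on the username (including its base64 form) is what survives if the operator rotates the mail host; matching on the host:port pair catches other samples that share the same mailbox provider configuration. Neither check needs the password, so it should not be copied into detection content.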
Targets
Target: TWI-SHA 202102.exe
Size: 156KB
MD5: d5b8e2ce449917bf395454082de6cba9
SHA1: fe872c03ceef39422218003bc5a34be4faf47e55
SHA256: 981d483b809a8d146115d1a1feb7bb8d588e014a0f009deb528662d39f5657e4
SHA512: 54dc37f2345a4b70786920c80adf8c1fc72c9ab97edf95b239453c081ab221134fbbc8ae8d8fd3ce635d4b3aec8f42fbc44005930e917e10e1a72cbd5e442e48
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in Visual Basic .NET; it commonly exfiltrates stolen credentials over SMTP, FTP or HTTP.
AgentTesla Payload
Guloader Payload
GuLoader is a downloader commonly used to stage Agent Tesla; its presence explains the "legitimate hosting services" signature below, since it typically fetches its encrypted payload from cloud file-hosting services.
Checks QEMU agent file
Checks for the presence of the QEMU guest agent, possibly to detect virtualization.
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with ThreadHideFromDebugger detaches the thread from any debugger; this is an anti-analysis technique.
Suspicious use of SetThreadContext
SetThreadContext on another process's thread is characteristic of process injection (for example process hollowing), where the loader redirects execution into an injected payload.