General
-
Target
will.exe
-
Size
641KB
-
Sample
210415-4vpgg7p2z2
-
MD5
0d24edbababf83cfc896376cff5faa7d
-
SHA1
a7253544a3b15c1e6e87b5e667ce2f7fe3f5d342
-
SHA256
884e1915901c600a0e0203c06de3a208a1adba49289f7ee8f910fa112782357e
-
SHA512
6a7286aa8436e99e4f96af8d1667e74aef312e34778a65175d564058d7f88062c9df93fe66e4c3c2d87986eef1f6ab5eea9be97cab55f125355163ff1d1914cc
Static task
static1
Behavioral task
behavioral1
Sample
will.exe
Resource
win7v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.eczanaerya.com - Port:
587 - Username:
John@eczanaerya.com - Password:
daunting@123
Targets
-
-
Target
will.exe
-
Size
641KB
-
MD5
0d24edbababf83cfc896376cff5faa7d
-
SHA1
a7253544a3b15c1e6e87b5e667ce2f7fe3f5d342
-
SHA256
884e1915901c600a0e0203c06de3a208a1adba49289f7ee8f910fa112782357e
-
SHA512
6a7286aa8436e99e4f96af8d1667e74aef312e34778a65175d564058d7f88062c9df93fe66e4c3c2d87986eef1f6ab5eea9be97cab55f125355163ff1d1914cc
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-