General
-
Target
35742.PDF.zip
-
Size
591KB
-
Sample
210419-78d29y8gk2
-
MD5
fc4b92a4e44a425edd0b22718d055da0
-
SHA1
13fda16601486b818acf54b10b0f764b5a5b75fe
-
SHA256
5b1f24d4df73a4b7030f827e2ac416691b4bfd3fe8f1bd7e08d9a066b46fb9b7
-
SHA512
d664f55a3f35dd224f4c7b58f6ea2964dd3966a1ffc7dafc43dee952ab0e135541938c7c6da664573c613bbc655d910becbdfc5f3d60d70e1b05eb14c7defe1c
Static task
static1
Behavioral task
behavioral1
Sample
35742.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
35742.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://45.141.152.18/ - Port:
21 - Username:
[email protected] - Password:
wTk4W1Uhkp5u
Targets
-
-
Target
35742.exe
-
Size
763KB
-
MD5
475f12cc2635e010575a69ea39b22968
-
SHA1
17ac5e0c5e50808d5bb495d63f478687fdd297ab
-
SHA256
51af0a175f8c7ef9d3e6b06b54ed1c8b4175f21ebac90816c6c36fd0e62ef654
-
SHA512
57be18e887239afd6290715cfd1df6c1afa2e2a6c360c7a7905ddffe13cb669624092b2adb3d2452d95b6c9b5502d2319d03e52bb4c704f291ab81042aa70854
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-