General
Target: f17d8c94783597296264ab489cfc64b8.exe
Size: 625KB
Sample: 210419-kdvey5zm2n
MD5: f17d8c94783597296264ab489cfc64b8
SHA1: b967e59eabac83697e27576e54420623d5ebedfb
SHA256: 3b3f6d41ee6c1f630f6aa74edbe5d524fe2333a91e5234509c647432f663819f
SHA512: b2ae3996f8a80b4e2689616b4b4443bfd9aff6633515713e451931650054b588e129389278f0e8eeb8820d5980f5f165f4cdc921a8d196a3a16f212628a3de38
Static task: static1
Behavioral task: behavioral1
  Sample: f17d8c94783597296264ab489cfc64b8.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: f17d8c94783597296264ab489cfc64b8.exe
  Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.scrablex.com
Port: 587
Username: [email protected]
Password: Chisom123.
Targets
Target: f17d8c94783597296264ab489cfc64b8.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext