General
-
Target
35742.exe
-
Size
763KB
-
Sample
210419-z18slnb3ye
-
MD5
475f12cc2635e010575a69ea39b22968
-
SHA1
17ac5e0c5e50808d5bb495d63f478687fdd297ab
-
SHA256
51af0a175f8c7ef9d3e6b06b54ed1c8b4175f21ebac90816c6c36fd0e62ef654
-
SHA512
57be18e887239afd6290715cfd1df6c1afa2e2a6c360c7a7905ddffe13cb669624092b2adb3d2452d95b6c9b5502d2319d03e52bb4c704f291ab81042aa70854
Static task
static1
Behavioral task
behavioral1
Sample
35742.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
35742.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://45.141.152.18/ - Port:
21 - Username:
[email protected] - Password:
wTk4W1Uhkp5u
Targets
-
-
Target
35742.exe
-
Size
763KB
-
MD5
475f12cc2635e010575a69ea39b22968
-
SHA1
17ac5e0c5e50808d5bb495d63f478687fdd297ab
-
SHA256
51af0a175f8c7ef9d3e6b06b54ed1c8b4175f21ebac90816c6c36fd0e62ef654
-
SHA512
57be18e887239afd6290715cfd1df6c1afa2e2a6c360c7a7905ddffe13cb669624092b2adb3d2452d95b6c9b5502d2319d03e52bb4c704f291ab81042aa70854
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-