General
-
Target
BONI APRIL_crypted.exe
-
Size
903KB
-
Sample
210420-hsx466kr56
-
MD5
708d11a25a4ddd88d5899b5ffe642d41
-
SHA1
a2cd6f3c44f48427c3a21341caf942b375ccd667
-
SHA256
7d6bf00d1b0386114a7021a91332b12c8116a9c2d50272ef2f02f7b92a5289c8
-
SHA512
3d6bfdb8b6f7cdeb89c55a18d0c5ecf01ff364df5f8eb9df8a98ed5ef338a3c45ac0613aa1a44f1d6a20de5133d5f1082982f80ad107d9547296f2b4c469305e
Static task
static1
Behavioral task
behavioral1
Sample
BONI APRIL_crypted.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
BONI APRIL_crypted.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
a2plcpnl0347.prod.iad2.secureserver.net - Port:
587 - Username:
[email protected] - Password:
Admin_123
Targets
-
-
Target
BONI APRIL_crypted.exe
-
Size
903KB
-
MD5
708d11a25a4ddd88d5899b5ffe642d41
-
SHA1
a2cd6f3c44f48427c3a21341caf942b375ccd667
-
SHA256
7d6bf00d1b0386114a7021a91332b12c8116a9c2d50272ef2f02f7b92a5289c8
-
SHA512
3d6bfdb8b6f7cdeb89c55a18d0c5ecf01ff364df5f8eb9df8a98ed5ef338a3c45ac0613aa1a44f1d6a20de5133d5f1082982f80ad107d9547296f2b4c469305e
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-