General
- Target: HCM - JACKSONVILLE, FL.exe
- Size: 1.1MB
- Sample: 210420-rzz65klk3x
- MD5: 74bd64c0ec695f0f8177b08bd961c2db
- SHA1: a0df1a7e20933db43bdd8b44ffcfe466fbebdec0
- SHA256: cd04b35e2ed6848898fb8a61a027f9546ac28413012a48c428ce76d36312de43
- SHA512: 1f659e11081ae83c252e5dd4cf761bb4e76a8ce2ad650982ed650dc6fc9227c6c798c74e2c0c91edd05a037f1ba8c1016148cc43b770005d76895b02f8b3b27a
Static task: static1
Behavioral task: behavioral1
- Sample: HCM - JACKSONVILLE, FL.exe
- Resource: win7v20210408
Behavioral task: behavioral2
- Sample: HCM - JACKSONVILLE, FL.exe
- Resource: win10v20210410
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.framafilms.com
- Port: 587
- Username: [email protected]
- Password: lister11
Targets
- Target: HCM - JACKSONVILLE, FL.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext