General

Target: SecuriteInfo.com.Trojan.Win32.Save.a.19445.26450
Size: 30KB
Sample: 210420-walek8956j
MD5: 715bd23d518811ec970b9288cfb597c8
SHA1: ac72a4d1740020e2398a8c15e6d701b42a822767
SHA256: 56fe9a0f74d14a3992855acd45b0f73f663abecc4066d39838218402a0555f73
SHA512: 2c298f27a63cfc53b3f06dbaa28cb4065a99e22b07d2e6fc704ed0a31e6eb52cb774d66d81bfbed3fcb4351a620c8ca1eb108f03d3236685a22efa819d45d716
Static task: static1

Behavioral task: behavioral1
Sample: SecuriteInfo.com.Trojan.Win32.Save.a.19445.26450.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: SecuriteInfo.com.Trojan.Win32.Save.a.19445.26450.exe
Resource: win10v20210410
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: utari.iixcp.rumahweb.com
Port: 587
Username: ugofavour@tonscoindo.com
Password: #t.jTrXnOmWX
Targets

Target: SecuriteInfo.com.Trojan.Win32.Save.a.19445.26450
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload
Adds Run key to start application
Suspicious use of SetThreadContext