General
- Target: 1.exe
- Size: 1.1MB
- Sample: 210421-2c3wpcvvj6
- MD5: d197fc0d1bee7cec4228b1def196e658
- SHA1: 6e304c91443bed03ad05edfca4826b3b86a877d2
- SHA256: b2e0edd97b3cb9ab596fab2109b93c46a389e1f9d637b7fe5099977966838771
- SHA512: 8bb0b4a55d61f0af9b881c3427d6bf9e7a187409137cce63d94f62511ac3d57322104fb8cf75ac1bc8881c0fcc7f287d0e0599ae6f0a94901f0af6f39080dcf4
Static task
- static1

Behavioral task
- behavioral1
- Sample: 1.exe
- Resource: win7v20210408

Behavioral task
- behavioral2
- Sample: 1.exe
- Resource: win10v20210410
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://ftp.libreriaunoes.com/
- Port: 21
- Username: [email protected]
- Password: aIjgiT5m
Targets
- Target: 1.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext