General
- Target: Payment.zip
- Size: 516KB
- Sample: 210421-ahtn69fr9n
- MD5: d6ea4160f408cce8aae4a84d37d9e921
- SHA1: 3012a93021a3d45edeb98b9ab6f42bb1d880fcc4
- SHA256: 40697fea925326e0b55469750354352c0c7d36f7abe00699e013e55e9afeae2d
- SHA512: f6a68eb7b26015546dec21159e9f145ca30600a8474d79108d40114aedb6c568151e6b2504e058a52cad30adf1d7d4796bd17e9c4a478de162ddc96fb847a7e9
Static task: static1

Behavioral task: behavioral1
- Sample: WN4gbQOiEGOnFMa.exe
- Resource: win7v20210410

Behavioral task: behavioral2
- Sample: WN4gbQOiEGOnFMa.exe
- Resource: win10v20210410
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: a2plcpnl0347.prod.iad2.secureserver.net
- Port: 587
- Username: marketing@eximindiacorporation.com
- Password: Admin_123
Targets
- Target: WN4gbQOiEGOnFMa.exe
- Size: 601KB
- MD5: a4b94521170a0d99c8a9f0fe8c648561
- SHA1: b7a942b4c7704562e23d2e888a07a026fb49fe7d
- SHA256: 9a597f3b7ec4bb4a3e54c966b95ca6cb543ca467fbc9397a66713187d77a7b97
- SHA512: 0e4947fe3b205793521344ce09e9f9d67359d6166a1c954fc227cd1d3df5505b1c615eff7e5fbd1e64a7e2e845751e03603ef0c11ff107b63933a43fbc0a9a1b
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext