General
Target
Statement Of Account.exe
Size
610KB
Sample
210421-etwtsp3yt6
MD5
c51b73620f05f9cecd5ad9c9b8534f55
SHA1
de36fe4c91b287533a241dbb5a4942a5e9bb151f
SHA256
1782d596257cfdebb26faf0e26a0c153575e047f036f5aa2c37c341d5a4004e8
SHA512
b336fd339b49f1fac45014fc96ab24bbce269c8cc78917d2feb1c13a7aa5728fa7f78309c53b431885baebac3ea662c83d52ef09ad3c7018320e06f3a5896df7
Static task
static1
Behavioral task
behavioral1
Sample
Statement Of Account.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
Statement Of Account.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: a2plcpnl0347.prod.iad2.secureserver.net
Port: 587
Username: sanjay@eximindiacorporation.com
Password: Admin_123
Targets
Target
Statement Of Account.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Drops file in Drivers directory
Adds Run key to start application
Suspicious use of SetThreadContext