General
Target: AS4852.exe
Size: 878KB
Sample: 210421-fkppabzs2x
MD5: 8e89d91f85cfff34a8d12ede04b1614c
SHA1: d3d52466a4ca5e6be70c023786be9c0f5da4f441
SHA256: 53c98412c17c1a408f79f6a2ed8de3bf51c970eb6968e7e9b41bc38fa9e242ed
SHA512: d90783f712c5f012d920b9f95027edc898f8ef0b1e85665982929c082bf9eccab101b9c715f2c50e6a93cf2eac162b0e2520d12a2a3dbc0dd3b7e9ec7b7fda53
Static task: static1
Behavioral task: behavioral1
Sample: AS4852.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: AS4852.exe
Resource: win10v20210410
Malware Config
Extracted
Family: agenttesla
Protocol: ftp
Host: ftp://45.141.152.18/
Port: 21
Username: farmlogs@vancrenanbroek.com
Password: wTk4W1Uhkp5u
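The extracted config is the operationally useful part of this report: it names the server, port and FTP account the stealer uploads to, and because FTP authenticates in cleartext the account name is visible on the wire even if the server IP changes. The following Python is an added example, not code from the sandbox report: it parses the config fields as the sandbox exports them (a single `Key: value - Key: value` string, reproduced in the block), turns them into shareable indicators (the password is parsed but kept out of what is shared), and hunts for them across a few constructed firewall and FTP log lines. The `key=value` log format with `src`/`dst`/`dport` fields is an assumption; it never connects to the attacker's server.

```python
"""Turn the AgentTesla FTP config extracted above into indicators and hunt for them.

Added example: not code from the sandbox report. The log format (key=value
firewall and FTP lines) is an assumption, and the log lines are constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# The report prints the config as "Key: value - Key: value ...", joined here onto one line.
RAW_CONFIG = (
    "Protocol: ftp- Host: ftp://45.141.152.18/ - Port: 21 "
    "- Username: farmlogs@vancrenanbroek.com - Password: wTk4W1Uhkp5u"
)
# SHA256 of AS4852.exe from the report's General section.
SAMPLE_SHA256 = "53c98412c17c1a408f79f6a2ed8de3bf51c970eb6968e7e9b41bc38fa9e242ed"

# Constructed firewall / FTP control-channel log lines (assumed key=value format).
SAMPLE_LOGS = [
    "2021-04-21T12:01:05Z fw allow src=10.0.0.15 dst=8.8.8.8 dport=53 proto=udp",
    "2021-04-21T12:02:17Z fw allow src=10.0.0.15 dst=45.141.152.18 dport=21 proto=tcp",
    "2021-04-21T12:02:18Z ftp cmd=USER arg=farmlogs@vancrenanbroek.com src=10.0.0.15 dst=45.141.152.18",
    "2021-04-21T12:03:00Z fw allow src=10.0.0.22 dst=45.141.152.18 dport=443 proto=tcp",
]


@dataclass(frozen=True)
class ExfilConfig:
    protocol: str
    host: str      # bare hostname/IP, URL scheme and path stripped
    port: int
    username: str
    password: str  # parsed so nothing is silently dropped; never used to log in


# "Key: value" pairs separated by a dash; the report also emits "ftp- Host", hence \s* around it.
FIELD_RE = re.compile(r"(\w+):\s*(.*?)\s*(?:-\s*(?=\w+:)|$)")


def parse_config(raw: str) -> ExfilConfig:
    fields = {key.lower(): value for key, value in FIELD_RE.findall(raw)}
    url = urlparse(fields["host"])
    host = url.hostname or fields["host"]  # "ftp://45.141.152.18/" -> "45.141.152.18"
    port = int(fields["port"]) if fields.get("port") else (url.port or 21)
    return ExfilConfig(fields["protocol"].lower(), host, port, fields["username"], fields["password"])


def indicators(cfg: ExfilConfig) -> List[Tuple[str, str]]:
    """Shareable indicators: the socket, the FTP account name and the sample hash.

    The password is deliberately left out of what gets shared.
    """
    return [
        ("ipv4-addr", cfg.host),
        ("socket", f"{cfg.host}:{cfg.port}/{cfg.protocol}"),
        ("ftp-user", cfg.username),
        ("sha256", SAMPLE_SHA256),
    ]


KV_RE = re.compile(r"(\w+)=(\S+)")


def classify_line(line: str, cfg: ExfilConfig) -> Optional[str]:
    """Label one log line, or return None when it does not touch the exfil infrastructure."""
    kv = dict(KV_RE.findall(line))
    # FTP logs in with a cleartext USER command, so the configured account name shows up
    # on the wire; it is the strongest signal because it survives a change of server IP.
    if cfg.username in line:
        return "exfil_credential"
    if kv.get("dst") == cfg.host:
        if kv.get("dport") == str(cfg.port):
            return "exfil_channel"  # the exact socket from the config
        return "exfil_host"         # same server, other port: lower confidence, still worth a look
    return None


def hunt(lines: List[str], cfg: ExfilConfig) -> List[Tuple[int, str]]:
    hits = []
    for index, line in enumerate(lines):
        label = classify_line(line, cfg)
        if label:
            hits.append((index, label))
    return hits


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    for kind, value in indicators(cfg):
        print(f"{kind:10} {value}")
    for index, label in hunt(SAMPLE_LOGS, cfg):
        print(f"[{label}] {SAMPLE_LOGS[index]}")
```

Matching on the account name before the destination address is a deliberate ordering: the actor can move the FTP drop to a new host without recompiling every build, but the credential baked into this sample stays the same.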
Targets
Target: AS4852.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (Visual Basic); the extracted config above shows this build exfiltrating over FTP.
AgentTesla payload
Adds Run key to start application (autostart entry under the registry's CurrentVersion\Run key)
Suspicious use of SetThreadContext (an API commonly used for code injection such as process hollowing)