General
Target: AS4852.pdf.7z
Size: 589KB
Sample: 210421-n3vz4jwaxn
MD5: db92f30233835a185e9059398fdedfbc
SHA1: f1dc27ec47e61f17c7b0bd217f72c710908ab795
SHA256: 45748cae60c27bb027d6d92ad469942a33f4c500fbd4406bfc77a5ca42165f6b
SHA512: 4b9054f9e7b243db7b80a26ce2d1491abd346da311f56811fd7736142960205af1a55d327550c2ea808d09c96a193e0faace94ed1e94e6447d4d3931536f968a
Static task
static1

Behavioral task
behavioral1
Sample: AS4852.exe
Resource: win7v20210408

Behavioral task
behavioral2
Sample: AS4852.exe
Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://45.141.152.18/
Port: 21
Username: farmlogs@vancrenanbroek.com
Password: wTk4W1Uhkp5u
Targets
Target: AS4852.exe
Size: 878KB
MD5: 8e89d91f85cfff34a8d12ede04b1614c
SHA1: d3d52466a4ca5e6be70c023786be9c0f5da4f441
SHA256: 53c98412c17c1a408f79f6a2ed8de3bf51c970eb6968e7e9b41bc38fa9e242ed
SHA512: d90783f712c5f012d920b9f95027edc898f8ef0b1e85665982929c082bf9eccab101b9c715f2c50e6a93cf2eac162b0e2520d12a2a3dbc0dd3b7e9ec7b7fda53
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext