General
-
Target
WN4gbQOiEGOnFMa.exe
-
Size
601KB
-
Sample
210421-nzfykyzb9j
-
MD5
a4b94521170a0d99c8a9f0fe8c648561
-
SHA1
b7a942b4c7704562e23d2e888a07a026fb49fe7d
-
SHA256
9a597f3b7ec4bb4a3e54c966b95ca6cb543ca467fbc9397a66713187d77a7b97
-
SHA512
0e4947fe3b205793521344ce09e9f9d67359d6166a1c954fc227cd1d3df5505b1c615eff7e5fbd1e64a7e2e845751e03603ef0c11ff107b63933a43fbc0a9a1b
Static task
static1
Behavioral task
behavioral1
Sample
WN4gbQOiEGOnFMa.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
WN4gbQOiEGOnFMa.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: a2plcpnl0347.prod.iad2.secureserver.net
Port: 587
Username: marketing@eximindiacorporation.com
Password: Admin_123
Targets
-
Target
WN4gbQOiEGOnFMa.exe
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer written in Visual Basic .NET; it harvests credentials and keystrokes and exfiltrates them over channels such as SMTP, which is what the extracted mail-server configuration above is used for.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
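The behaviours listed above (a Run key for persistence, a file dropped under the drivers directory, and SMTP exfiltration to the mail server in the extracted config) can be turned into a simple detection pass over endpoint telemetry. The following is an added example, not part of the sandbox report or its tooling: it scans constructed Sysmon-style JSON events (the sample paths and process names are made up for illustration) and tags the ones matching the report's indicators. Only the C2 host and port are taken from the page.

```python
"""Added example: tag Sysmon-style events for the behaviours in the report
(Run-key persistence, drop in the drivers directory, SMTP exfiltration to
the extracted C2 host). Not part of the original report or the sandbox."""
import json
import re
from typing import Dict, Iterable, List

# Values taken from the report's extracted AgentTesla config.
C2_HOST = "a2plcpnl0347.prod.iad2.secureserver.net"
C2_PORT = 587

# Case-insensitive patterns for the persistence location and drop directory.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
DRIVERS_DIR_RE = re.compile(r"\\System32\\drivers\\", re.IGNORECASE)


def classify(event: Dict[str, object]) -> List[str]:
    """Return the tags that apply to one event (empty list if nothing matched)."""
    tags: List[str] = []
    eid = event.get("EventID")
    # Sysmon 13: registry value set under a Run/RunOnce key (T1547.001)
    if eid == 13 and RUN_KEY_RE.search(str(event.get("TargetObject", ""))):
        tags.append("persistence:run_key")
    # Sysmon 11: file created in %SystemRoot%\System32\drivers
    if eid == 11 and DRIVERS_DIR_RE.search(str(event.get("TargetFilename", ""))):
        tags.append("drop:drivers_dir")
    # Sysmon 3: outbound connection to the configured SMTP server on 587
    if (
        eid == 3
        and event.get("DestinationPort") == C2_PORT
        and str(event.get("DestinationHostname", "")).lower() == C2_HOST
    ):
        tags.append("exfil:smtp_c2")
    return tags


def scan(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Parse JSON lines and return one finding per event that got a tag."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        tags = classify(ev)
        if tags:
            findings.append({"image": ev.get("Image"), "tags": tags})
    return findings


# Constructed sample events (not real telemetry): the image paths and the
# SID are invented; only the hostname and port come from the report.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": "C:\\Users\\u\\AppData\\Roaming\\x.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\x"},
    {"EventID": 11, "Image": "C:\\Users\\u\\AppData\\Roaming\\x.exe",
     "TargetFilename": "C:\\Windows\\System32\\drivers\\etc\\hosts"},
    {"EventID": 11, "Image": "C:\\Program Files\\App\\app.exe",
     "TargetFilename": "C:\\Users\\u\\Documents\\report.docx"},
    {"EventID": 3, "Image": "C:\\Users\\u\\AppData\\Roaming\\x.exe",
     "DestinationHostname": C2_HOST, "DestinationPort": C2_PORT},
]
SAMPLE_LOG = "\n".join(json.dumps(e) for e in SAMPLE_EVENTS)


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(finding)
```

The hostname match is exact on purpose: the mail server is the only network indicator the report supplies, and matching on port 587 alone would flag every legitimate submission-port SMTP client. Widen it to a list of known exfiltration hosts as further configs are extracted.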