General
-
Target
CBE-HDY-1911.cab
-
Size
350KB
-
Sample
210421-pjxk33tg6n
-
MD5
78997f82fc9b53550a6997b5a203e8b9
-
SHA1
0aa4a89271eec076e5d1d36bd695d8baff2df9d8
-
SHA256
55c3e2d73b6620fe44e9e4509f278f0588787b95a3805b30cb3a4bfcca87bb7b
-
SHA512
df200e4a605662c0ef0d3ca5715d2cdb7bb06847eb46ce9cc7d7a754e887ea2f1bb0650be82d97b5d74c0537e17e8428f73224cacf74e797c225594743166d6c
Static task
static1
Behavioral task
behavioral1
Sample
CBE-HDY-1911.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
CBE-HDY-1911.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.t7global-my.com - Port:
587 - Username:
manage@t7global-my.com - Password:
KyDCvxSl$2
Targets
-
-
Target
CBE-HDY-1911.exe
-
Size
460KB
-
MD5
502049e944a8d3bbb0138098597b30e8
-
SHA1
5242d649abb58f4d797bad53c448bd5028a7fdce
-
SHA256
2be649f814ee89705f39489d11d8dc2d32e76ba97cec1f0707edc0ec4b4aa060
-
SHA512
61270a3112f90358050597ddc0c92c70a8d086b42d3e1bcbdabca8751730835f0ccd13ae3536fdcc688fbeedb9d69087acc7bf9d2861a698b68ecce15f164e8d
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Nirsoft
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-