General
- Target: apr.21.Product Details.gz.exe
- Size: 606KB
- Sample: 210421-ytb3w94k8x
- MD5: 33324848fc1059e40ae3dee5d1dcd53b
- SHA1: f35711b5fbefad26196f9b5facbc4d0b1c1c416c
- SHA256: 186d7ab22deb56beb07f28168590818e395461bb06a8f4170d5a4178448ce1ea
- SHA512: dba8e59819ba6126bb1640786b4909f82057aaf7fe8293935cc71691cb2893880c50bc59d507970ed78165497b98bbe66ef6566c9e7b86c741927d94e3b4b60a
Static task
- static1

Behavioral task
- behavioral1
- Sample: apr.21.Product Details.gz.exe
- Resource: win7v20210410

Behavioral task
- behavioral2
- Sample: apr.21.Product Details.gz.exe
- Resource: win10v20210408
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://ftp.libreriaunoes.com/
- Port: 21
- Username: adminer@libreriaunoes.com
- Password: aIjgiT5m
Targets
- Target: apr.21.Product Details.gz.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext