General
Target: IMG_001 IMG_SCAN.JPG.EXE
Size: 596KB
Sample: 210422-94e52z36l6
MD5: 045cb3d182ab7b7b92ede2e554ae9398
SHA1: 47a33a9ccfbdfa44af54d1a2bccfae1dd4dea428
SHA256: 9b3e4327c19bd28f38df34eaceef8611d9268cf95aea1fd2a026b26e57ca5ab4
SHA512: 9517c57eee3172d906cab3b5b073904659f676ce305a3368e7cf1a6c621c61d671720ac010f1cd9c54ed7786daca0ab5f08d8811099138f53bbe5e1673f2e1f5
Static task: static1
Behavioral task: behavioral1
Sample: IMG_001 IMG_SCAN.JPG.EXE
Resource: win7v20210408
Behavioral task: behavioral2
Sample: IMG_001 IMG_SCAN.JPG.EXE
Resource: win10v20210410
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot1652586889:AAH8lHbzvtT4QjX1_-3uSZQlT1RC65TAqMU/sendDocument
Targets
Target: IMG_001 IMG_SCAN.JPG.EXE
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Adds Run key to start application
Suspicious use of SetThreadContext