General
Target: b47160d5d81de4c8094c324ea1b524f9.exe
Size: 481KB
Sample: 210423-8s95fvm226
MD5: b47160d5d81de4c8094c324ea1b524f9
SHA1: b5a67e93d6732cddb54571ec210bcdbfcce981dd
SHA256: e94b5aa20648fa643e0ca1a1c5f182626512f65feb4e1ad6f71b7fc4b20ad634
SHA512: 96904793cf9c988e4704413d16b2932038aec96920ed634f9c0043c8c414d2bf7f4d350a1606a8c946f5bebc4587c1051358c81a87d83700c9ef969297b93645
Static task: static1
Behavioral task: behavioral1 (Sample: b47160d5d81de4c8094c324ea1b524f9.exe, Resource: win7v20210410)
Behavioral task: behavioral2 (Sample: b47160d5d81de4c8094c324ea1b524f9.exe, Resource: win10v20210408)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.privateemail.com
Port: 587
Username: sammorris@askoblue.com
Password: P)RTDOg8
Targets
Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Adds Run key to start application
- Suspicious use of SetThreadContext