General
Target: e3d5c11d31e846fdd97aa30d811ab0394125b274f6d0c5b8fde33018d9cc4dd4
Size: 878KB
Sample: 210423-gs93v7ysd6
MD5: 52b43c946e57e59389fe82b6fbe5ce0e
SHA1: bb0dc81cce768f1fd028bd1e0f2c1e04cb33c53e
SHA256: e3d5c11d31e846fdd97aa30d811ab0394125b274f6d0c5b8fde33018d9cc4dd4
SHA512: 1ab490914da330dcb251bfe9d0a179c1b923da8d7da44187466b3bcffb93b39df825d09119aae96689f6c86bd50aa67b08a1fc93b2fbb343081701b2395d84fd
Static task: static1
Behavioral task: behavioral1
  Sample: e3d5c11d31e846fdd97aa30d811ab0394125b274f6d0c5b8fde33018d9cc4dd4.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: e3d5c11d31e846fdd97aa30d811ab0394125b274f6d0c5b8fde33018d9cc4dd4.exe
  Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: wasstech.com
Port: 587
Username: newsbulletin@wasstech.com
Password: Sunray2700@@
Targets
Target: e3d5c11d31e846fdd97aa30d811ab0394125b274f6d0c5b8fde33018d9cc4dd4
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detects AgentTesla XORed config.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext