General
Target: caf72c413dd24152b5cc8051faa406de4efd388ccb1048259807cb28fc5811ae
Size: 421KB
Sample: 210423-td61kltb4s
MD5: 86cf9ae2230df8235656170292d3553e
SHA1: 67208731b51d433a189ad883f1b48c8decc95100
SHA256: caf72c413dd24152b5cc8051faa406de4efd388ccb1048259807cb28fc5811ae
SHA512: 72a17a1b87c0e6b2dc33d19b5ac3db564147c7561b676a780643e9ee93dab572110654bce11fcd95b5ccba0d135f1e387cfcc5a7d8656994454d4221e1e7bebf
Static task: static1
Behavioral task: behavioral1
Sample: caf72c413dd24152b5cc8051faa406de4efd388ccb1048259807cb28fc5811ae.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: caf72c413dd24152b5cc8051faa406de4efd388ccb1048259807cb28fc5811ae.exe
Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.hyshippingcn.com
Port: 587
Username: plogs112@hyshippingcn.com
Password: e*u@qkS4
Targets
Target: caf72c413dd24152b5cc8051faa406de4efd388ccb1048259807cb28fc5811ae
Score: 10/10
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Detects AgentTesla XORed config.
AgentTesla Payload
Nirsoft
Executes dropped EXE
Loads dropped DLL
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext