General
Target: 40b7776a47fc1062ec85c3e31c91eb81.exe
Size: 659KB
Sample: 210504-hak8gzv6ln
MD5: 40b7776a47fc1062ec85c3e31c91eb81
SHA1: f7fa298d4c174d4e43ca92e5c8186db4589253f1
SHA256: a34349626b55e6a946fd59e9a59f50da9cf8d50418e69fd337ad523526289ad2
SHA512: f726111693b664bc0662c705135c55c270211b6862240150d673380ce6fd34d17553356526a2661c1d345b0bcb37b64a770b049a889cc8413d1d0bd7e335e3d7
Static task: static1
Behavioral task: behavioral1
Sample: 40b7776a47fc1062ec85c3e31c91eb81.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 40b7776a47fc1062ec85c3e31c91eb81.exe
Resource: win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.rodcointl.com
Port: 587
Username: rodco@rodcointl.com
Password: rodco110449a
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Adds Run key to start application
Suspicious use of SetThreadContext