General

Target: documents.exe
Size: 931KB
Sample: 210511-91vrr316hn
MD5: dabf948fefbfb4f9865e3f5a21582f37
SHA1: 6bdd7d4796e442bbef69b5beb40642c1d96e8f4d
SHA256: 4df30f642fff436c30bef6a48d5e8b6031fbb9236bf85e03c020bb42e9fdb734
SHA512: 7537f94d4374e6e8f7127ca40b3a9901168b394f5739b8856180f9cb913de5f17480cddcb222133bf2ad3eaaf5700e49eb0a5c100accad626ec225a69d552858
Static task: static1
Behavioral task: behavioral1 (sample documents.exe, resource win7v20210408)
Behavioral task: behavioral2 (sample documents.exe, resource win10v20210410)
Malware Config

Extracted family: agenttesla
Extracted URL: http://hosseinsoltani.ir/wp-includes/ikkk/inc/2cd7296286fa89.php
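The hashes under General and the URL extracted from the Agent Tesla config are the indicators an analyst takes away from this report. The script below is an added example, not part of the sandbox report, that puts them to use: it hashes a file on disk and compares it with the report's digests, and it scans web-proxy log lines for requests to the extracted URL (in Agent Tesla's HTTP mode that URL is the endpoint stolen data is POSTed to). The log lines are constructed for the example and assume a Squid-style access log layout; the report does not contain any traffic logs.

```python
"""IOC checks for the documents.exe sample in this report (added example)."""
import hashlib
import re
from typing import Dict, Iterable, List, Optional, Tuple
from urllib.parse import urlsplit

# Indicators copied from the report (General and Malware Config sections).
SAMPLE_HASHES: Dict[str, str] = {
    "md5": "dabf948fefbfb4f9865e3f5a21582f37",
    "sha1": "6bdd7d4796e442bbef69b5beb40642c1d96e8f4d",
    "sha256": "4df30f642fff436c30bef6a48d5e8b6031fbb9236bf85e03c020bb42e9fdb734",
}
C2_URL = "http://hosseinsoltani.ir/wp-includes/ikkk/inc/2cd7296286fa89.php"


def hash_bytes(data: bytes) -> Dict[str, str]:
    """md5/sha1/sha256 hex digests of data (the algorithms the report lists)."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file in chunks so a large sample does not have to fit in memory."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_sample(digests: Dict[str, str]) -> List[str]:
    """Names of the algorithms whose digest equals the report's value.
    A sha256 match is conclusive; md5 or sha1 alone is only a hint."""
    return [name for name, value in digests.items()
            if SAMPLE_HASHES.get(name) == value.lower()]


# Split the extracted URL once so host and path can be matched separately.
_C2 = urlsplit(C2_URL)
C2_HOST = _C2.hostname
C2_PATH = _C2.path

# Assumed Squid-style access log: time elapsed client code/status bytes method url ...
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def classify_log_line(line: str) -> Optional[str]:
    """'c2_url' for a hit on the exact exfiltration endpoint, 'c2_host' for any
    other request to the same host, None for unparsable or unrelated lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("url"))
    if (parts.hostname or "").lower() != C2_HOST:
        return None
    return "c2_url" if parts.path == C2_PATH else "c2_host"


def scan_log(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """(client, method, verdict) for every line that touches the C2 host."""
    hits = []
    for line in lines:
        verdict = classify_log_line(line)
        if verdict:
            m = LOG_RE.match(line)
            hits.append((m.group("client"), m.group("method"), verdict))
    return hits


# Constructed log lines for the example; not taken from any real environment.
SAMPLE_LOG = [
    "1620744000.123 45 10.0.0.15 TCP_MISS/200 512 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html",
    "1620744012.456 120 10.0.0.15 TCP_MISS/200 200 POST http://hosseinsoltani.ir/wp-includes/ikkk/inc/2cd7296286fa89.php - HIER_DIRECT/0.0.0.0 text/html",
    "1620744030.789 30 10.0.0.22 TCP_MISS/404 300 GET http://hosseinsoltani.ir/ - HIER_DIRECT/0.0.0.0 text/html",
]

if __name__ == "__main__":
    for client, method, verdict in scan_log(SAMPLE_LOG):
        print(f"{client} {method} -> {verdict}")
    print("hash match:", matches_sample(hash_bytes(b"not the sample")))
```

A POST to the exact path is the strong signal (that is how the stolen data leaves the host); a plain GET to the site root only says the host is reachable, which matters because the domain looks like a compromised WordPress site that also serves legitimate content.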
Targets

Target: documents.exe
Size: 931KB
MD5 / SHA1 / SHA256 / SHA512: same values as listed under General above

Signatures
- AgentTesla: Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, typically written in Visual Basic .NET or C#; it collects credentials and keystrokes and sends them to an attacker-controlled endpoint, here the URL under Malware Config.
- AgentTesla Payload
- Adds Run key to start application: persistence through a value under Software\Microsoft\Windows\CurrentVersion\Run so the binary is launched again at logon.
- Suspicious use of SetThreadContext: an API that redirects a thread's execution, typical of loaders that inject the payload into another process (for example by process hollowing).
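The Run-key signature above is the behaviour most worth hunting for on other hosts, since a copy that survived a reboot will be sitting in that key. The script below is an added example and not part of the report: it runs a detection over Sysmon Event ID 13 (RegistryEvent, SetValue) records and scores each Run/RunOnce write by whether the written command or the writing process lives in a user-writable path such as AppData or Temp. The events are constructed for the example (the report does not state the value name or path the sample used) and assume the field names Sysmon itself emits (EventID, EventType, Image, TargetObject, Details).

```python
"""Run-key persistence detection over Sysmon Event ID 13 records (added example)."""
import re
from typing import Dict, List

# Run, RunOnce and the policy Run key; the last path element is the value name.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\"
    r"(?:Run|RunOnce|Policies\\Explorer\\Run)\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)
# Locations an unprivileged user can write to; a real payload usually lives here.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Downloads|Users\\Public)\\", re.IGNORECASE)


def hive_of(target_object: str) -> str:
    """Sysmon logs per-user keys as HKU\\<SID>\\... and machine keys as HKLM\\..."""
    return "HKLM" if target_object.upper().startswith("HKLM\\") else "HKCU"


def detect_run_key_persistence(events: List[Dict]) -> List[Dict]:
    """One finding per Run-key value set, with a 1..3 score and the reasons."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13 or ev.get("EventType") != "SetValue":
            continue
        m = RUN_KEY_RE.search(ev.get("TargetObject", ""))
        if not m:
            continue
        command = ev.get("Details", "")
        image = ev.get("Image", "")
        score, reasons = 1, ["Run-key value written"]
        if USER_WRITABLE_RE.search(command):
            score += 1
            reasons.append("command points into a user-writable directory")
        if USER_WRITABLE_RE.search(image):
            score += 1
            reasons.append("writing process runs from a user-writable directory")
        findings.append({
            "hive": hive_of(ev["TargetObject"]),
            "value_name": m.group("value"),
            "command": command,
            "image": image,
            "score": score,
            "reasons": reasons,
        })
    return findings


def suspicious_value_names(events: List[Dict], min_score: int = 2) -> List[str]:
    """Value names whose score reaches min_score; the ones to pull from other hosts."""
    return [f["value_name"] for f in detect_run_key_persistence(events)
            if f["score"] >= min_score]


# Constructed Sysmon-like events; the first imitates what the signature describes.
SAMPLE_EVENTS = [
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Users\user\AppData\Roaming\documents.exe",
     "TargetObject": r"HKU\S-1-5-21-1234567890-123456789-1234567890-1001\Software\Microsoft\Windows\CurrentVersion\Run\documents",
     "Details": r"C:\Users\user\AppData\Roaming\documents.exe"},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "Details": r"C:\Program Files\Vendor\updater.exe"},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1234567890-123456789-1234567890-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for f in detect_run_key_persistence(SAMPLE_EVENTS):
        print(f["score"], f["hive"], f["value_name"], "->", f["command"], ";", "; ".join(f["reasons"]))
```

Score 1 findings are still worth a glance, since a loader that copies itself into Program Files before registering the key would land there, but in practice the AppData/Temp cases are the ones that page an analyst.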