General
Target: Request for Proposal – Byco project..exe
Size: 853KB
Sample: 210511-en24eg3ngj
MD5: c895410694b7aaed3c3495536c240a93
SHA1: 3abe57e1d7073caf1711dbc4bd82df7379f47211
SHA256: 5a8ea261a8f88443529553058026027054b62c7dc2969632de08212db8293e27
SHA512: 9fb79b5301ef47f5389cc5a08de07fd26f383d77d3d1578f3de7dfaebdd19a586360c006c9cdbd86efb60a38c7e0fc39548cd39a8e96cde6110a76ec53f5a9cb
Static task: static1
Behavioral task: behavioral1
  Sample: Request for Proposal – Byco project..exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: Request for Proposal – Byco project..exe
  Resource: win10v20210408
Malware Config
Extracted: agenttesla
URL: https://api.telegram.org/bot1855581212:AAGSsAgiKOAKCEx8_hulz-BQit55_qDVNsM/sendDocument
Targets
Target: Request for Proposal – Byco project..exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext