General
-
Target
vkFhiUvXw8joCXn.exe
-
Size
851KB
-
Sample
210511-jt3j2hjdl6
-
MD5
7e6a19d305a690e887020b9fe1b57488
-
SHA1
a283a4245b4b0b979ec7e63bda0fa41725b7adec
-
SHA256
ef493fe2688db7c97fd7e0af12bae0b42aeee9c1c7ccf241865e1cfa5cb50cac
-
SHA512
d1e3b9608ef58e25992ffa11f2d6550e633c48cd1888edc7c82530b31fff3edb922dd1a0f22384623bc6371409f8daa6936d968fcb7ceb35e96ce76a4894f585
Static task
static1
Behavioral task
behavioral1
Sample
vkFhiUvXw8joCXn.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
vkFhiUvXw8joCXn.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: wasstech.com
Port: 587
Username: psme@wasstech.com
Password: Sunray2700@@
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-