General
- Target: 9a.zip
- Size: 842KB
- Sample: 210511-rcfjwfg1e2
- MD5: 4dd27d98135d6d880614ca52b80ece2a
- SHA1: b1410fea52e8c6a9ebc0ac4dbdc9a3e965e4c02b
- SHA256: f5ee737b249404364f5a612625968bfac7bc890798c9d66c9c0467032638fc6c
- SHA512: e374e35541ea11a72ebb482d9a5b6792666dcdf33fb3dec8b10dec4ab258d075d7dde786694f9aece351a9b05a3186d2b1f6055748b7dfc5bafa93f52102ed7a
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 4207f7b13155e7caf8897d4d119f808699093d79e63037c79c0feec1cd7cf997.bin.exe
  - Resource: win7v20210410
- Behavioral task: behavioral2
  - Sample: 4207f7b13155e7caf8897d4d119f808699093d79e63037c79c0feec1cd7cf997.bin.exe
  - Resource: win10v20210410
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: webmail.myremediez.com
- Port: 587
- Username: sales@myremediez.com
- Password: 123123456
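The extracted configuration above is the sample's exfiltration channel, so the practical use of this block is to turn it into a network indicator and look for it in connection telemetry. The following is an added example, not part of the report or of the sandbox's tooling: it parses the config block as it appears on this page (the extraction ran the key/value pairs together with " - " separators) into a dictionary, then matches the configured mail server against a connection log. The connection records are constructed for the example, not captured from the sandbox run; field names and layout are assumptions.

```python
"""Turn the AgentTesla SMTP config extracted above into a network IOC and
look for matching connections in a connection log.

Added example for this report; the config block is copied from the page,
the connection log below is constructed and is not sandbox output.
"""
import re

# Config block exactly as it appears on the page: the extraction ran the
# key/value pairs together with " - " separators and wrapped lines
# arbitrarily, so the parser first flattens the text, then splits on the
# separators.
CONFIG_TEXT = """\
Protocol: smtp- Host:
webmail.myremediez.com - Port:
587 - Username:
sales@myremediez.com - Password:
123123456
"""

# A "key: value" pair ends where the next " - key:" separator (or the end of
# the text) begins, so values may contain '@', '.' and other punctuation.
PAIR_RE = re.compile(r"(\w+):\s*(.*?)(?=\s*-\s*\w+:|$)")


def parse_config(text: str) -> dict:
    """Return the config as a dict with lower-case keys; Port becomes an int."""
    flat = " ".join(line.strip() for line in text.splitlines())
    cfg = {k.lower(): v.strip() for k, v in PAIR_RE.findall(flat)}
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


# Constructed connection records (NOT from the report): "ts src dst dport proto".
SAMPLE_LOG = """\
2021-05-11T09:14:02Z 10.0.0.23 outlook.office365.com 443 tcp
2021-05-11T09:14:05Z 10.0.0.23 webmail.myremediez.com 587 tcp
2021-05-11T09:15:11Z 10.0.0.45 webmail.myremediez.com 443 tcp
2021-05-11T09:16:40Z 10.0.0.23 smtp.gmail.com 587 tcp
"""


def find_exfil(log_text: str, cfg: dict) -> list:
    """Flag every connection to the configured exfiltration host.

    The host name is the strong indicator; the port is reported separately
    because a rebuilt stealer may use another port while the mail server
    stays the same, and a host-only hit is still worth a look.
    """
    host = cfg["host"].lower()
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, _proto = line.split()
        if dst.lower() == host:
            hits.append({
                "ts": ts,
                "src": src,
                "dport": int(dport),
                "port_matches_config": int(dport) == cfg["port"],
            })
    return hits


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print("exfil server:", cfg["host"], cfg["port"], "via", cfg["protocol"])
    for hit in find_exfil(SAMPLE_LOG, cfg):
        print(hit)
```

The username and password are kept in the parsed config because they are useful on the mail-provider side (abuse reports, checking whether the account was compromised rather than attacker-registered); they should not be used to log in to the mailbox.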
Targets
- Target: 4207f7b13155e7caf8897d4d119f808699093d79e63037c79c0feec1cd7cf997.bin
- Size: 1006KB
- MD5: 038ece8f6c92ccb2dd38133d85e80caf
- SHA1: 96a2e3466f10d59020501b076cfab07f237bb7c1
- SHA256: 4207f7b13155e7caf8897d4d119f808699093d79e63037c79c0feec1cd7cf997
- SHA512: 8af98ef60f05ffc9324647bad8214989883f2128eac44814c7f37730f7a4d4e7019c495015a3460a15fb411f78559a60dbad528c151d07df9a2cc030c7f1ce23
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer: it collects saved browser, mail and FTP client credentials, keystrokes and screenshots from the infected host and exfiltrates them over SMTP, FTP or HTTP. The SMTP configuration extracted above is that exfiltration channel, so the host and account listed there are the network indicators to block and hunt for.
- AgentTesla Payload
- Adds Run key to start application (persistence through a value under ...\Software\Microsoft\Windows\CurrentVersion\Run; Sysmon records the HKCU variant under HKU\<SID>)
- Suspicious use of SetThreadContext (a suspended child process whose memory is overwritten with WriteProcessMemory and whose entry point is redirected with SetThreadContext before ResumeThread is the classic process-hollowing sequence for running the decrypted payload inside a legitimate-looking process)
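Of the signatures listed above, the Run-key write is the one most directly turned into a host detection. The following is an added example, not part of the report or of any sandbox tooling: it scans Sysmon Event ID 13 (RegistryEvent, value set) records for writes under the Run/RunOnce auto-start keys in HKLM and any HKU hive, including the Wow6432Node view, which goes beyond the single Run key the signature names, and rates an entry higher when the registered command points into a directory a standard user can write to (the usual stealer pattern of copying itself to %APPDATA% and registering the copy). The event records are constructed for the example; the field names follow Sysmon's. The SetThreadContext signature is not covered here because Sysmon does not log that API call; catching hollowing needs EDR API telemetry or a memory scan of the target process.

```python
"""Detect Run-key persistence in Sysmon Event ID 13 (RegistryEvent: value set) records.

Added example for this report, not part of the sandbox's own detection logic.
The sample events below are constructed, not taken from the analysed run.
"""
import json
import re

# Auto-start keys under HKLM or any user hive (Sysmon writes HKCU as HKU\<SID>).
# The trailing [^\\]+ is the value name, i.e. the registered program entry.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"(?:Run|RunOnce|RunOnceEx|RunServices)\\[^\\]+$",
    re.IGNORECASE,
)

# Locations a standard user can write to. A Run entry launching from here is
# the usual stealer pattern (copy self to %APPDATA%, register the copy).
USER_WRITABLE_RE = re.compile(
    r"\\(?:AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE
)

# Constructed Sysmon events in JSON-lines form. Event 1 is the stealer pattern,
# event 2 a Run value written by an installer into a system path, event 3 a
# registry write outside any auto-start key, event 4 a key creation (ID 12)
# that registers nothing by itself.
SAMPLE_EVENTS = r"""
{"EventID": 13, "EventType": "SetValue", "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\sample.exe", "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\WinUpdate", "Details": "C:\\Users\\victim\\AppData\\Roaming\\WinUpdate\\WinUpdate.exe"}
{"EventID": 13, "EventType": "SetValue", "Image": "C:\\Windows\\System32\\msiexec.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth", "Details": "%windir%\\system32\\SecurityHealthSystray.exe"}
{"EventID": 13, "EventType": "SetValue", "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden", "Details": "DWORD (0x00000001)"}
{"EventID": 12, "EventType": "CreateKey", "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\sample.exe", "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"}
"""


def load_events(text: str) -> list:
    """Parse JSON-lines Sysmon events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def run_key_findings(events: list) -> list:
    """Return one finding per value written under an auto-start key."""
    findings = []
    for ev in events:
        # Only value writes register a program; key creation alone does not.
        if ev.get("EventID") != 13 or ev.get("EventType") != "SetValue":
            continue
        target = ev.get("TargetObject", "")
        if not RUN_KEY_RE.search(target):
            continue
        command = ev.get("Details", "")
        severity = "high" if USER_WRITABLE_RE.search(command) else "medium"
        key, value_name = target.rsplit("\\", 1)
        findings.append({
            "key": key,
            "value_name": value_name,
            "command": command,
            "writer": ev.get("Image", ""),
            "severity": severity,
        })
    return findings


if __name__ == "__main__":
    for f in run_key_findings(load_events(SAMPLE_EVENTS)):
        print(f["severity"].upper(), f["value_name"], "->", f["command"],
              "written by", f["writer"])
```

The writer image is kept in each finding because, for a stealer, the process that writes the Run value is usually the dropped copy itself or the original sample, which gives the triage analyst the file to pull for hashing against the target hashes listed above.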