General
-
Target
Document.exe
-
Size
917KB
-
Sample
210511-sd8vj2d62e
-
MD5
478df22800176813fad74c3dee12c8c6
-
SHA1
03ba205b6e92d763dea64ccc7fa9cb95b6e68536
-
SHA256
9115557e99de157473228d93416040638506bd166128351196200f424128a93f
-
SHA512
ce0c351137bdabe6ed5c756d604facdc29c87c4c359a1032a4a1caa2bf31a4e1e4429730e6d178fef0f8cf1548d263640520a95094494762ccc0883d09c85336
Static task
static1
Behavioral task
behavioral1
Sample
Document.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
Document.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
https://hosseinsoltani.ir/wp-includes/Requests/Auth/vi/inc/98d006f6b6fe54.php
Targets
-
-
Target
Document.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-