General
- Target: SecuriteInfo.com.generic.ml.15285.30302
- Size: 860KB
- Sample: 210719-wdg57p4vcx
- MD5: d441af67a4a79bf18cc0be3920d355f2
- SHA1: 06480acda01c24b0a6af47f8dbc1f284eb5babd3
- SHA256: 7f100848ffb6fdc1e6747787b3fa3669a5fd4d7faa87d5b56c8d5470ab399d95
- SHA512: 4ab44659a3b4a66d56893c71a9c4d29d823b73d2377829ad6aacafe92f6b3331a83cd3c55dadbb566a7ebd1b6568989c555bb1770ae4cd3d5b26aaccc30e350d
Static task
- static1
Behavioral task
- behavioral1
  - Sample: SecuriteInfo.com.generic.ml.15285.30302.exe
  - Resource: win7v20210408
Behavioral task
- behavioral2
  - Sample: SecuriteInfo.com.generic.ml.15285.30302.exe
  - Resource: win10v20210410
Malware Config
Extracted
- agenttesla
  - Protocol: smtp
  - Host: smtp.sempreviva.pet
  - Port: 587
  - Username: dataoffice1@sempreviva.pet
  - Password: ACYPFpe9
Targets
- Target: SecuriteInfo.com.generic.ml.15285.30302
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Adds Run key to start application
- Suspicious use of SetThreadContext