General
-
Target
SecuriteInfo.com.ArtemisD6F96E4A411B.20686.17781
-
Size
647KB
-
Sample
210726-t4lmvdh4kj
-
MD5
d6f96e4a411bb243bea36c8aa5ec4ab0
-
SHA1
7be11b1519176590b7ed4326933fd0e08325b588
-
SHA256
b915e46bfe27a03870fb223223ff2af61c15226a650031317d2acf558c55a3a9
-
SHA512
7618fd4596bbabdd28ffbc7d81573c71b93667539abecdf55f40c28b62a8fed0c935d23281f0417c0413e63ac972ef3dfa3640c97cd210b3ebd79177a6a0bcc8
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.ArtemisD6F96E4A411B.20686.17781.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
SecuriteInfo.com.ArtemisD6F96E4A411B.20686.17781.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: uscentral50.myserverhosts.com
Port: 587
Username: sales@radheatwaters.com
Password: waters@789
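The extracted configuration is the sample's exfiltration channel: AgentTesla's SMTP mode logs in to that mailbox and mails the stolen data to it, so the host, port and mailbox are directly actionable indicators. The following is an added example, not code from the report or from the sandbox, that parses the configuration as the sandbox exported it (either the flattened "Key: value - Key: value" run or one field per line), runs the resulting indicators over a few constructed mail-gateway log lines, and emits a Suricata DNS rule for the host. The key=value log format, the function names and the rule sid are assumptions made for the demo.

```python
import re
from dataclasses import dataclass

# Configuration text as the sandbox exported it for this sample (copied from the
# report); the parser also accepts it written one field per line.
RAW_CONFIG = (
    "Protocol: smtp- Host:\n"
    "uscentral50.myserverhosts.com - Port:\n"
    "587 - Username:\n"
    "sales@radheatwaters.com - Password:\n"
    "waters@789"
)

# "Key: value" pairs separated by " - " or by line breaks; a value runs until
# the next "Key:" token (optionally preceded by a dash) or the end of the text.
FIELD_RE = re.compile(r"(\w+):\s*(.*?)\s*(?=(?:-\s*)?\w+:|$)")


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_smtp_config(text: str) -> SmtpExfilConfig:
    """Turn the exported AgentTesla SMTP block into a structured record."""
    flat = " ".join(line.strip() for line in text.splitlines())
    fields = {k.lower(): v.strip() for k, v in FIELD_RE.findall(flat)}
    return SmtpExfilConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"].lower(),
        password=fields["password"],
    )


# Constructed mail-gateway log lines in an assumed key=value format, written
# only to exercise the detector; they are not taken from the report.
SAMPLE_LOG = """\
ts=2021-07-26T19:41:03Z src=10.0.0.25 dst=uscentral50.myserverhosts.com:587 auth_user=sales@radheatwaters.com action=AUTH
ts=2021-07-26T19:41:09Z src=10.0.0.25 dst=uscentral50.myserverhosts.com:587 rcpt=sales@radheatwaters.com action=DATA
ts=2021-07-26T19:42:10Z src=10.0.0.31 dst=smtp.office365.com:587 auth_user=alice@example.com action=AUTH
ts=2021-07-26T19:43:55Z src=10.0.0.40 dst=10.0.0.5:25 action=RSET
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def find_exfil_attempts(cfg: SmtpExfilConfig, log_text: str) -> list[tuple]:
    """Return (src, ts, reasons) for every line that reaches the exfil host
    on the configured port or uses the exfil mailbox as login or recipient."""
    hits = []
    for line in log_text.splitlines():
        kv = dict(KV_RE.findall(line))
        host, _, port = kv.get("dst", "").rpartition(":")
        reasons = []
        if host.lower() == cfg.host and port == str(cfg.port):
            reasons.append("exfil-host")
        mailboxes = {kv.get("auth_user", "").lower(), kv.get("rcpt", "").lower()}
        if cfg.username in mailboxes:
            reasons.append("exfil-mailbox")
        if reasons:
            hits.append((kv.get("src"), kv.get("ts"), "+".join(reasons)))
    return hits


def suricata_dns_rule(cfg: SmtpExfilConfig, sid: int) -> str:
    """DNS-query rule for the exfil host (Suricata 5+ dns.query buffer).
    The sid is the caller's choice; 1000001 below is an arbitrary local id."""
    return (
        f'alert dns any any -> any any (msg:"AgentTesla SMTP exfil host lookup {cfg.host}"; '
        f'dns.query; content:"{cfg.host}"; nocase; sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    cfg = parse_smtp_config(RAW_CONFIG)
    print(cfg)
    for src, ts, why in find_exfil_attempts(cfg, SAMPLE_LOG):
        print(f"{ts} {src} {why}")
    print(suricata_dns_rule(cfg, 1000001))
```

Matching on the mailbox as well as the host matters: if the operator later moves the mailbox to another relay, a workstation authenticating as that address on outbound SMTP is still a clean indicator, while matching only on the host would miss it.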
Targets
-
-
Target
SecuriteInfo.com.ArtemisD6F96E4A411B.20686.17781
-
Size
647KB
-
MD5
d6f96e4a411bb243bea36c8aa5ec4ab0
-
SHA1
7be11b1519176590b7ed4326933fd0e08325b588
-
SHA256
b915e46bfe27a03870fb223223ff2af61c15226a650031317d2acf558c55a3a9
-
SHA512
7618fd4596bbabdd28ffbc7d81573c71b93667539abecdf55f40c28b62a8fed0c935d23281f0417c0413e63ac972ef3dfa3640c97cd210b3ebd79177a6a0bcc8
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer. The SMTP settings extracted above are the attacker-controlled mailbox it logs in to and mails harvested data to.
-
AgentTesla Payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Drops file in Drivers directory
-
Adds Run key to start application (registry-based persistence: the binary is relaunched at user logon)
-
Suspicious use of SetThreadContext (an API commonly used to redirect a thread into injected code, as in process hollowing)
-