General
-
Target
copy of declaration certificate & Tan lette.exe.gz
-
Size
763KB
-
Sample
210726-tfgtqtnwc6
-
MD5
a0c63cf6dbee270cfc537f28a9bb5a2e
-
SHA1
e885cd26efb3fe578e876411d415be4f9d0bf457
-
SHA256
b763ce52f9148fa8fa22da8df46135e8ac441c9e1986ac2848eaf8f93c743198
-
SHA512
2d9c83a1c6188f24f04288f75c1a2aa686595eded9d82113a8556df8d61de1200b9abdce9f58277e34991ca2c468279e1329dea20eb51e43c8b3ff2f10b19d15
Static task
static1
Behavioral task
behavioral1
Sample
copy of declaration certificate & Tan lette.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
copy of declaration certificate & Tan lette.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: server291.web-hosting.com
Port: 587
Username: ikmero@crestftb.com
Password: riches22@123456
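The config above is the sample's exfiltration channel: it authenticates to the attacker's mailbox over SMTP submission (port 587) and mails stolen data to itself. The script below is an added example, not part of this report or of the sandbox, showing what those credentials look like on the wire and how to hunt for them in SMTP session logs. The log line format (`timestamp src -> dst_host:port C|S: payload`), the hosts and the log entries are constructed for the example; the C2 host, port and username are the ones extracted above. It matches three things: any session to the C2 host and port, the base64 username token that follows an `AUTH LOGIN` command, and the username inside an `AUTH PLAIN` token or a `MAIL FROM` line.

```python
"""Hunt for the AgentTesla SMTP exfiltration config in SMTP session logs.

Added example; the log format and entries are constructed, not from the report.
"""
import base64
import re
from dataclasses import dataclass
from typing import List, Optional

# Values from the extracted AgentTesla config on this page.
C2_HOST = "server291.web-hosting.com"
C2_PORT = 587
C2_USER = "ikmero@crestftb.com"

# Constructed log format: "<ts> <src_ip> -> <dst_host>:<port> <C|S>: <payload>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[^:\s]+):(?P<port>\d+) "
    r"(?P<dir>[CS]): (?P<payload>.*)$"
)


@dataclass
class Hit:
    src: str
    reason: str


def auth_login_token(user: str) -> str:
    """AUTH LOGIN sends the username as a bare base64 line after the command."""
    return base64.b64encode(user.encode()).decode()


def auth_plain_user(token: str) -> Optional[str]:
    """AUTH PLAIN carries base64("<authzid>\\0<authcid>\\0<password>"); return authcid or None."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        return None
    return parts[1].decode(errors="replace")


def scan(lines: List[str]) -> List[Hit]:
    """Return one Hit per (source host, reason), in order of first appearance."""
    login_token = auth_login_token(C2_USER)
    mail_from_re = re.compile(r"MAIL FROM:\s*<?" + re.escape(C2_USER), re.I)
    hits: List[Hit] = []
    seen = set()

    def add(src: str, reason: str) -> None:
        if (src, reason) not in seen:
            seen.add((src, reason))
            hits.append(Hit(src, reason))

    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a session log line; ignore
        src, dst, port = m["src"], m["dst"].lower(), int(m["port"])
        payload = m["payload"].strip()
        if dst == C2_HOST and port == C2_PORT:
            add(src, f"SMTP session to AgentTesla C2 {C2_HOST}:{C2_PORT}")
        if m["dir"] != "C":
            continue  # credentials only ever travel client -> server
        if payload == login_token:
            add(src, f"AUTH LOGIN username token for {C2_USER}")
        plain = re.match(r"AUTH PLAIN (\S+)", payload, re.I)
        if plain and auth_plain_user(plain.group(1)) == C2_USER:
            add(src, f"AUTH PLAIN credential for {C2_USER}")
        if mail_from_re.search(payload):
            add(src, f"MAIL FROM {C2_USER}")
    return hits


# Constructed sample log: one host using AUTH LOGIN, one using AUTH PLAIN
# (password replaced with a placeholder), one benign submission session.
_PLAIN_TOKEN = base64.b64encode(b"\x00" + C2_USER.encode() + b"\x00REDACTED").decode()
SAMPLE_LOG = [
    "2021-07-26T13:41:02Z 10.0.0.5 -> server291.web-hosting.com:587 S: 220 ESMTP",
    "2021-07-26T13:41:02Z 10.0.0.5 -> server291.web-hosting.com:587 C: EHLO DESKTOP-WIN7",
    "2021-07-26T13:41:02Z 10.0.0.5 -> server291.web-hosting.com:587 C: AUTH LOGIN",
    "2021-07-26T13:41:03Z 10.0.0.5 -> server291.web-hosting.com:587 C: " + auth_login_token(C2_USER),
    "2021-07-26T13:41:03Z 10.0.0.5 -> server291.web-hosting.com:587 C: MAIL FROM:<ikmero@crestftb.com>",
    "2021-07-26T13:41:03Z 10.0.0.5 -> server291.web-hosting.com:587 C: RCPT TO:<ikmero@crestftb.com>",
    "2021-07-26T13:42:10Z 10.0.0.9 -> mail.example.net:587 C: AUTH PLAIN "
    + base64.b64encode(b"\x00user@example.net\x00hunter2").decode(),
    "2021-07-26T13:50:44Z 10.0.0.12 -> server291.web-hosting.com:587 C: AUTH PLAIN " + _PLAIN_TOKEN,
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit.src}: {hit.reason}")
```

Two caveats a hunter should keep in mind. If the sample negotiates STARTTLS on port 587, only the connection metadata (DNS lookup for the host, TCP session to port 587) is visible to a network sensor and the AUTH and MAIL FROM matches will not fire; the host and account name are then what you block and report to the hosting provider. And the credential is the attacker's, not a victim's, so the right response is an abuse report and a block, not a password reset.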
Targets
-
Target
copy of declaration certificate & Tan lette.exe
-
Size
1.6MB
-
MD5
6670c19ddf28b94dc9832ef37a4b976f
-
SHA1
6e6116fca5d75635c5906ed87db698fad545f087
-
SHA256
13d90261f73ecaa7455ccdaf16de6d96b122e8829cbf0ffe84ab89fc2cf4cad2
-
SHA512
979a3fb7ca18acba12a8c71d0893bc447826bfd4f1a7a6d13683c6ef00b315df4945e6a4cdf6da62c7a13a64c5aa56705c689e2847e7a267c592c0e48c55c35c
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic .NET.
-
AgentTesla Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-