General
Target: origpro_crypted.zip
Size: 543 KB
Sample: 210727-13pft6gz76
MD5: 536de7964734429159cedbc990e7ab78
SHA1: a83ad8e0ea1a90775c7e9c05166fcf9d174a4708
SHA256: 0cb1132158c95b7ac1ff8599ea110dfbe33b250d0b74b99186d941164d894427
SHA512: 8951dd4569e0f73a15142b86326298b169a7c70b9e119937276c1012e18aede70d28a934635aaff0a7a8ff39ec55f466b8c23317072d9031cb96a2cffaace2ac
Static task: static1
Behavioral task: behavioral1
Sample: z8WufQDmHPxb9FP.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: z8WufQDmHPxb9FP.exe
Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: outback.websitewelcome.com
Port: 587
Username: procc@ogenexblog24.com
Password: Thisyear2020
The extracted configuration is the exfiltration channel: the payload authenticates to the SMTP submission port (587) on outback.websitewelcome.com with the credentials above and mails stolen data out. The host appears to be a shared mail server that also serves legitimate customers, so pivot on the sender mailbox and credentials rather than the hostname alone.
Targets
Target: z8WufQDmHPxb9FP.exe
Size: 653 KB
MD5: bc7cbd5aae47693ebd6c19a9f6ae7976
SHA1: 376072c8e8c2aadd66b772ffb6f2094254818eb4
SHA256: d4c6b6a00d510bba75da888a42569c72a43f2585b82b29e65298897d03285b76
SHA512: cb35a62642d870d4cb7d52472bdc491cdf1efc4e0f57b374c0d0bd8b76a922a4ea7e66aed13c79b9ba2354a082b5ec34a09416fd90b848b297b96ca113c1ed8b
AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT), typically written in Visual Basic .NET. It harvests saved credentials, keystrokes and clipboard contents and exfiltrates them over SMTP, FTP or HTTP; this sample uses the SMTP channel in the extracted configuration.
Signatures
AgentTesla Payload
Adds Run key to start application (persistence through a value under Software\Microsoft\Windows\CurrentVersion\Run, so the payload starts again at logon)
Suspicious use of SetThreadContext (commonly seen when a loader writes a payload into a process created in a suspended state and then redirects its main thread, i.e. process hollowing; treat it as an injection indicator rather than proof of a specific technique)
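The extracted SMTP configuration and the Run-key signature above are the two indicators a responder can hunt on immediately. The following is an added example, not part of the sandbox report and not Agent Tesla's own code: it turns the report's hashes and exfiltration channel into a small rule set and runs it over constructed Sysmon-style events (Event ID 3 network connections and Event ID 13 registry value sets). The event records, the IP addresses in them, the Run value name and the allowlist of legitimate mail clients are assumptions made for illustration; only the hashes, host, port and mailbox come from the report.

```python
"""Hunt for the AgentTesla indicators from the report over Sysmon-style events.

Added example, not part of the sandbox report. The SAMPLE_EVENTS below are
constructed to resemble Sysmon Event ID 3 (network connect) and Event ID 13
(registry value set) records; field names follow Sysmon, values are made up.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Indicators taken from the report: file hashes and the SMTP exfiltration channel.
EXFIL_HOST = "outback.websitewelcome.com"
EXFIL_PORT = 587
EXFIL_MAILBOX = "procc@ogenexblog24.com"
KNOWN_SHA256 = {
    "0cb1132158c95b7ac1ff8599ea110dfbe33b250d0b74b99186d941164d894427": "origpro_crypted.zip (archive)",
    "d4c6b6a00d510bba75da888a42569c72a43f2585b82b29e65298897d03285b76": "z8WufQDmHPxb9FP.exe (AgentTesla payload)",
}

# Assumption: processes expected to speak SMTP submission (TCP/587) on a workstation.
MAIL_CLIENT_ALLOWLIST = {
    "c:\\program files\\microsoft office\\root\\office16\\outlook.exe",
    "c:\\program files\\mozilla thunderbird\\thunderbird.exe",
}
# Run and RunOnce key fragments (lowercased, backslash-terminated so "run" != "runonce").
RUN_KEY_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")
# Directories a normal installer does not use for autostart entries.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass(frozen=True)
class Finding:
    rule: str
    image: str
    detail: str


def classify_hash(sha256: str) -> Optional[str]:
    """Return the report's label for a known SHA256, or None."""
    return KNOWN_SHA256.get(sha256.lower())


def check_network(ev: Dict[str, str]) -> Optional[Finding]:
    """Sysmon EID 3: flag the extracted SMTP host, or SMTP submission from a non-mail client."""
    image = ev.get("Image", "").lower()
    host = ev.get("DestinationHostname", "").lower()
    port = int(ev.get("DestinationPort", 0))
    if host == EXFIL_HOST:
        return Finding("agenttesla_smtp_c2", image, f"{host}:{port}")
    if port == EXFIL_PORT and image not in MAIL_CLIENT_ALLOWLIST:
        return Finding("smtp_from_non_mail_client", image, f"{host or ev.get('DestinationIp', '?')}:{port}")
    return None


def check_registry(ev: Dict[str, str]) -> Optional[Finding]:
    """Sysmon EID 13: flag Run/RunOnce values whose target lives in a user-writable directory."""
    if ev.get("EventType") != "SetValue":
        return None
    target = ev.get("TargetObject", "").lower()
    details = ev.get("Details", "").lower()
    if not any(m in target for m in RUN_KEY_MARKERS):
        return None
    if any(d in details for d in USER_WRITABLE_MARKERS):
        return Finding("run_key_user_writable", ev.get("Image", "").lower(), f"{target} -> {details}")
    return None


def hunt(events: List[Dict[str, str]]) -> List[Finding]:
    """Dispatch each event to the matching rule and collect findings in input order."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        f = check_network(ev) if eid == 3 else check_registry(ev) if eid == 13 else None
        if f:
            findings.append(f)
    return findings


SAMPLE_EVENTS = [  # constructed for this example
    {"EventID": 3, "Image": "C:\\Users\\victim\\AppData\\Roaming\\z8WufQDmHPxb9FP.exe",
     "DestinationHostname": "outback.websitewelcome.com", "DestinationIp": "192.0.2.10", "DestinationPort": "587"},
    {"EventID": 3, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationIp": "192.0.2.20", "DestinationPort": "587"},
    {"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe",
     "DestinationHostname": "", "DestinationIp": "198.51.100.7", "DestinationPort": "587"},
    {"EventID": 13, "EventType": "SetValue", "Image": "C:\\Users\\victim\\AppData\\Roaming\\z8WufQDmHPxb9FP.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\z8WufQDmHPxb9FP",
     "Details": "C:\\Users\\victim\\AppData\\Roaming\\z8WufQDmHPxb9FP.exe"},
    {"EventID": 13, "EventType": "SetValue", "Image": "C:\\Windows\\System32\\msiexec.exe",
     "TargetObject": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive",
     "Details": "C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe"},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f.rule, f.image, f.detail)
```

The hostname rule is the narrow match for this sample; the port rule catches the same behaviour after the operator rotates to a different SMTP server, at the cost of tuning the mail-client allowlist to the environment. SetThreadContext is not visible in Sysmon, so the injection signature needs an EDR or ETW source and is not covered here.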