General
-
Target
93f1feffe4a797163f55f1caca45182a
-
Size
777KB
-
Sample
210727-4hsshfmvs2
-
MD5
93f1feffe4a797163f55f1caca45182a
-
SHA1
6cfbf536209e0c0256479785fec1ced9b2f77a11
-
SHA256
4afaa463a048f9c89866a9c7154bf4a9d20ed849cdf6a8c0cf4b0b8b105d8e3a
-
SHA512
3302bb5e03c8c87e3539dad5ae5b20bf240d5a379e3c62b14a6a6afd9dcbb0bc079b629349cd05d4e1c9931e70f475ee1c094f59b8a014765cef72fe7f33e7a4
Static task
static1
Behavioral task
behavioral1
Sample
93f1feffe4a797163f55f1caca45182a.exe
Resource
win7v20210408
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.badonfashoin.com/
Port: 21
Username: logs@badonfashoin.com
Password: sKsYZiIYQn6y
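The extracted config above gives everything a defender needs to pivot from this sample to network telemetry: the exfil host, port and FTP account. The script below is an added example, not part of the sandbox report, showing how those indicators (plus the file hashes listed on this page) can be turned into a small checker that runs over Zeek-style JSON dns.log and ftp.log records. The log lines embedded in it are constructed for illustration, the resolved IP 203.0.113.10 is a documentation address standing in for the real server (the report does not give one), and the RFC 1918 / loopback / link-local exclusion list is the example's own choice.

```python
import hashlib
import ipaddress
import json

# Indicators copied from the extracted AgentTesla FTP config in the report above.
C2_DOMAIN = "badonfashoin.com"
C2_HOST = "ftp." + C2_DOMAIN
C2_PORT = 21
C2_USER = "logs@badonfashoin.com"
# The exfil password is deliberately left out: host and account are enough to detect,
# and credentials do not belong in a detection rule.

# File hashes of the sample as listed in the report.
SAMPLE_HASHES = {
    "md5": "93f1feffe4a797163f55f1caca45182a",
    "sha1": "6cfbf536209e0c0256479785fec1ced9b2f77a11",
    "sha256": "4afaa463a048f9c89866a9c7154bf4a9d20ed849cdf6a8c0cf4b0b8b105d8e3a",
    "sha512": ("3302bb5e03c8c87e3539dad5ae5b20bf240d5a379e3c62b14a6a6afd9dcbb0bc"
               "079b629349cd05d4e1c9931e70f475ee1c094f59b8a014765cef72fe7f33e7a4"),
}

# Assumption of this example: anything outside these ranges counts as "external".
_INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                   "127.0.0.0/8", "169.254.0.0/16")]


def matching_report_hashes(data: bytes) -> list:
    """Return the names of the report's hashes that match the given file contents."""
    return [algo for algo, expected in SAMPLE_HASHES.items()
            if hashlib.new(algo, data).hexdigest() == expected]


def _is_external(ip: str) -> bool:
    """True if the address is routable outside the (assumed) internal ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in _INTERNAL_NETS)


def classify_zeek_record(log: str, rec: dict) -> list:
    """Return detection labels for one Zeek JSON record from dns.log or ftp.log."""
    hits = []
    if log == "dns":
        query = (rec.get("query") or "").lower().rstrip(".")
        if query == C2_DOMAIN or query.endswith("." + C2_DOMAIN):
            hits.append("agenttesla-c2-dns")
    elif log == "ftp":
        # Strong indicator: the exact FTP account from the extracted config.
        if rec.get("id.resp_p") == C2_PORT and rec.get("user") == C2_USER:
            hits.append("agenttesla-c2-ftp-login")
        # Weaker, generic indicator: a file upload (STOR) to an external FTP server.
        if rec.get("command") == "STOR" and _is_external(rec.get("id.resp_h", "")):
            hits.append("ftp-upload-to-external-host")
    return hits


def scan_zeek_json(lines):
    """lines: iterable of (log_name, json_text). Returns [(uid, labels)] for records with hits."""
    findings = []
    for log_name, text in lines:
        rec = json.loads(text)
        labels = classify_zeek_record(log_name, rec)
        if labels:
            findings.append((rec.get("uid"), labels))
    return findings


# Constructed sample records (not from the report); field names follow Zeek's JSON logs.
SAMPLE_LOG_LINES = [
    ("dns", '{"ts":1627400000.1,"uid":"CdnsA1","id.orig_h":"10.0.0.5","id.resp_h":"10.0.0.1",'
            '"query":"ftp.badonfashoin.com","qtype_name":"A"}'),
    ("dns", '{"ts":1627400000.2,"uid":"CdnsB2","id.orig_h":"10.0.0.5","id.resp_h":"10.0.0.1",'
            '"query":"update.microsoft.com","qtype_name":"A"}'),
    ("ftp", '{"ts":1627400001.0,"uid":"CftpC3","id.orig_h":"10.0.0.5","id.orig_p":49712,'
            '"id.resp_h":"203.0.113.10","id.resp_p":21,"user":"logs@badonfashoin.com",'
            '"command":"STOR","arg":"PW_host-user_2021_07_27.html"}'),
    ("ftp", '{"ts":1627400002.0,"uid":"CftpD4","id.orig_h":"10.0.0.7","id.orig_p":50210,'
            '"id.resp_h":"10.0.0.20","id.resp_p":21,"user":"backup","command":"STOR","arg":"db.tgz"}'),
]

if __name__ == "__main__":
    for uid, labels in scan_zeek_json(SAMPLE_LOG_LINES):
        print(uid, ", ".join(labels))
```

The domain and account checks are high-confidence because they come straight from the extracted config; the external-STOR check is generic and will fire on legitimate FTP backups, so treat it as context rather than an alert on its own. matching_report_hashes() is there to confirm that a file pulled from a host really is this sample before the network indicators are applied to it.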
Targets
-
-
Target
93f1feffe4a797163f55f1caca45182a
-
Size
777KB
-
MD5
93f1feffe4a797163f55f1caca45182a
-
SHA1
6cfbf536209e0c0256479785fec1ced9b2f77a11
-
SHA256
4afaa463a048f9c89866a9c7154bf4a9d20ed849cdf6a8c0cf4b0b8b105d8e3a
-
SHA512
3302bb5e03c8c87e3539dad5ae5b20bf240d5a379e3c62b14a6a6afd9dcbb0bc079b629349cd05d4e1c9931e70f475ee1c094f59b8a014765cef72fe7f33e7a4
-
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer, typically compiled from Visual Basic .NET. It harvests credentials and keystrokes and exfiltrates them over a configured channel; in this sample that channel is the FTP account shown in the extracted config above.
-
AgentTesla Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext (an API commonly used to redirect a suspended thread's entry point during process hollowing or code injection)
-