General
Target: TT COPY.exe
Size: 988KB
Sample: 210727-6k9mtdwlma
MD5: 197e571bfcf3f22816e245fef4f86b4f
SHA1: 60df9b31aeb301c4c480da58f75be14d775cb604
SHA256: fc22aaa35e5504461dd5ace02d041f7715bc25acf329d2070e02e854b54d4de0
SHA512: f7bc869cae343ee6dc5230d54eb6e775490733df911e36e3427dda88b75d240131ff8c1bd0e23d6f93c28e4691566cc90a2c092111f9d38b241365d3f483558a
Static task: static1
Behavioral task: behavioral1
  Sample: TT COPY.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: TT COPY.exe
  Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: paola.micheli@copangroup.xyz
Password: gibson.1990
Targets
Target: TT COPY.exe
Size: 988KB
MD5: 197e571bfcf3f22816e245fef4f86b4f
SHA1: 60df9b31aeb301c4c480da58f75be14d775cb604
SHA256: fc22aaa35e5504461dd5ace02d041f7715bc25acf329d2070e02e854b54d4de0
SHA512: f7bc869cae343ee6dc5230d54eb6e775490733df911e36e3427dda88b75d240131ff8c1bd0e23d6f93c28e4691566cc90a2c092111f9d38b241365d3f483558a
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext