General
-
Target
$35@@#.exe
-
Size
516KB
-
Sample
210727-6rdwtzlh7n
-
MD5
fe61f0a471b697d0c381c64eddf3649c
-
SHA1
bb8575caccc983a10f86de8c86e5e6598b993b27
-
SHA256
412991e242a1a3b4325e9d22e9158880214f13fd0db68c8509fab47d4f09c9d5
-
SHA512
6b279820631cd2d86d4e545a18b9dd1cedf81bfe921fbcddb8c042a9f64e2883c75acae047f770e15e4d01d0524f0d6de16de8dcf44428e06b382cfb138f78d0
Static task
static1
Behavioral task
behavioral1
Sample
$35@@#.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
$35@@#.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1815802853:AAFwTZ6mRU-UOmcTcCR8glZAAkNmzHpMkL8/sendDocument
Targets
-
-
Target
$35@@#.exe
-
Size
516KB
-
MD5
fe61f0a471b697d0c381c64eddf3649c
-
SHA1
bb8575caccc983a10f86de8c86e5e6598b993b27
-
SHA256
412991e242a1a3b4325e9d22e9158880214f13fd0db68c8509fab47d4f09c9d5
-
SHA512
6b279820631cd2d86d4e545a18b9dd1cedf81bfe921fbcddb8c042a9f64e2883c75acae047f770e15e4d01d0524f0d6de16de8dcf44428e06b382cfb138f78d0
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-