General

Target: 5814321850515456.zip
Size: 720KB
Sample: 210727-89my6k3jsa
MD5: 4f756ed206b879ea407cb64a80b75508
SHA1: 27bab31ce89dd33fbf633cd7a5bab1fcbb5ac40d
SHA256: d1c3ee4a810f5982b96ee6383971ec82db75285f2f230765dc38690e81029ff1
SHA512: 669cfd7e9d311e31aa0baa92f648d1db12a71868717c260329333956b529ec88d2d7b3646823d1b9a0fdc1511aa980258ebc350066611c756ca97952a0ceab72
Static task: static1

Behavioral task: behavioral1
Sample: 494edbe20027214460af19f45f052f9ccc54db18f438572ce41d607bffc227c2.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: 494edbe20027214460af19f45f052f9ccc54db18f438572ce41d607bffc227c2.exe
Resource: win10v20210410
Malware Config

Extracted: agenttesla
Protocol: ftp
Host: ftp://fashionandsorucing.com/
Port: 21
Username: Farmlogs@fashionandsorucing.com
Password: MNZsxGLNtfYc
Targets

Target: 494edbe20027214460af19f45f052f9ccc54db18f438572ce41d607bffc227c2
Size: 1017KB
MD5: e2e3079ac8c5cbbcc7073ca306ab42ac
SHA1: 5236549f1fbe0f93f4bde89e6e96a34ff98894c3
SHA256: 494edbe20027214460af19f45f052f9ccc54db18f438572ce41d607bffc227c2
SHA512: 84743366be0864382a0e6ad02a0c6440a31686d50ce1c40f5014e2456c0daaca6a74f8fd28373bd0bb739dacf1f4b8932fad5f18f3554fac67f46bff5c2d9d6c
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload
Adds Run key to start application
Suspicious use of SetThreadContext