General

- Target: ae59002c22a8ebf5aba7efea1fdd964a2ede4cb5
- Size: 794KB
- Sample: 210727-aev3fleb22
- MD5: 02d4adfdc7ef2416ac57c7f841a71ada
- SHA1: ae59002c22a8ebf5aba7efea1fdd964a2ede4cb5
- SHA256: c07013fbf8908de6e011f147b5470db2df3465642582849d368233675a77fc99
- SHA512: 5e1de1cd07862e26831a418f9e922d857d6b5f8811e66ba0887c3f268f17ef27133746a599c47e31ab72d0f7591e91d1025c18145904423f30ebc2a95e998f81
Static task: static1

Behavioral task: behavioral1
- Sample: ae59002c22a8ebf5aba7efea1fdd964a2ede4cb5.exe
- Resource: win7v20210408

Behavioral task: behavioral2
- Sample: ae59002c22a8ebf5aba7efea1fdd964a2ede4cb5.exe
- Resource: win10v20210410
Malware Config

Extracted: agenttesla
- Protocol: smtp
- Host: mail.moderntelco.com
- Port: 587
- Username: sales@moderntelco.com
- Password: Sales@123$%
Targets

- Target: ae59002c22a8ebf5aba7efea1fdd964a2ede4cb5
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext