General
Target: MACHINE SPECIFICATION.exe
Size: 760KB
Sample: 210727-f984r5wgtx
MD5: 0f4064452757c9830209d116580adc54
SHA1: 9fad72530e98734aa913b36a69b963a91eefac13
SHA256: a1520040a9646ea2582d5b6ec7ddb720de8195473675a768a60659ec277101dc
SHA512: adbe5414b8286c442b2707948231b8e1d620f4e38dfb985262ebe58c032c124f222b6032ca5912cddd6e98827fd5ec9870900b48e9bf1800dc20df6b4795db4f
Static task: static1
Behavioral task: behavioral1
  Sample: MACHINE SPECIFICATION.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: MACHINE SPECIFICATION.exe
  Resource: win10v20210408
Malware Config
Extracted family: agenttesla
Protocol: ftp
Host: ftp://ftp.avonpharmacmachines.com/
Port: 21
Username: admin@avonpharmacmachines.com
Password: ycULZlOO,T9=
Targets
Target: MACHINE SPECIFICATION.exe
Size: 760KB
MD5: 0f4064452757c9830209d116580adc54
SHA1: 9fad72530e98734aa913b36a69b963a91eefac13
SHA256: a1520040a9646ea2582d5b6ec7ddb720de8195473675a768a60659ec277101dc
SHA512: adbe5414b8286c442b2707948231b8e1d620f4e38dfb985262ebe58c032c124f222b6032ca5912cddd6e98827fd5ec9870900b48e9bf1800dc20df6b4795db4f
Signatures
AgentTesla: Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. The configuration extracted from this sample (Malware Config above) points at FTP exfiltration to ftp.avonpharmacmachines.com on port 21 with hard-coded credentials.
AgentTesla Payload: the AgentTesla payload was identified in memory.
CustAttr .NET packer: detects the CustAttr .NET packer in memory. Static signatures on the file as it sits on disk see only the packer; the family indicators come from the unpacked code at runtime, so the file hashes above identify this dropper, not the family.
Adds Run key to start application: persistence by writing an autostart value under a CurrentVersion\Run registry key, so the sample is launched again at logon.
Suspicious use of SetThreadContext: calling SetThreadContext on a suspended thread of another process is the usual final step of process hollowing, redirecting the thread's instruction pointer into injected code. Legitimate software rarely does this to a foreign process, which is why the sandbox flags it.
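The following is an added example, not part of the sandbox report or of any Triage tooling. It parses the report's extracted config exactly as the sandbox prints it (the single run-on line under Malware Config), reduces it to the network indicators a detection needs, and then checks constructed Sysmon-style events for the two behaviours in the Signatures list that leave a log trail: a Run-key write pointing at a user-writable path (EventID 13) and a connection to the extracted FTP host and port (EventID 3). The event records, the `victim` profile, the SID, the `xyz.exe` name and the benign svchost/Firefox entries are all constructed for illustration; the function names are this example's own.

```python
"""Added example: turn the report's extracted AgentTesla config and behaviour
signatures into checks that run over Sysmon-style events. Events are
constructed; the config text is copied from the report as printed."""
import re
from urllib.parse import urlparse

# Extracted config exactly as the sandbox report prints it (one run-on line).
RAW_CONFIG = (
    "Protocol: ftp- Host: ftp://ftp.avonpharmacmachines.com/ - Port: 21 - "
    "Username: admin@avonpharmacmachines.com - Password: ycULZlOO,T9="
)

# Run / RunOnce autostart keys under any hive (HKCU, HKLM, HKU\<SID>).
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Autostart targets in directories a normal user can write to are far more
# suspicious than installers registering something under Program Files.
USER_WRITABLE = re.compile(r"\\Users\\|\\AppData\\|\\Temp\\|\\ProgramData\\",
                           re.IGNORECASE)


def parse_config(raw: str) -> dict:
    """Split the 'Key: value - Key: value' dump into a dict.

    A key is one word followed by ':'; a value runs up to the next
    ' - Key:' separator. The first separator in the report is 'ftp- Host'
    with no space before the dash, so the lookahead allows zero spaces."""
    pairs = re.findall(r"(\w+):\s*(.*?)(?=\s*-\s+\w+:|$)", raw)
    return {k.lower(): v.strip() for k, v in pairs}


def iocs_from_config(cfg: dict) -> dict:
    """Reduce the config to the indicators a network/host detection needs."""
    host = urlparse(cfg["host"]).hostname or cfg["host"]
    return {"protocol": cfg["protocol"], "host": host.lower(),
            "port": int(cfg["port"]), "username": cfg["username"]}


# Constructed Sysmon-style events (not from the report). EventID 13 is a
# registry value set, EventID 3 a network connection; field names follow
# Sysmon's schema for those events.
EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Roaming\xyz.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows"
                     r"\CurrentVersion\Run\xyz",
     "Details": r"C:\Users\victim\AppData\Roaming\xyz.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\Foo\Start",
     "Details": "DWORD (0x00000002)"},
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Roaming\xyz.exe",
     "DestinationHostname": "ftp.avonpharmacmachines.com",
     "DestinationPort": 21},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationHostname": "example.org", "DestinationPort": 443},
]


def match_events(events: list, iocs: dict) -> list:
    """Return (rule, image, evidence) tuples for events matching the
    Run-key persistence heuristic or the extracted exfil endpoint."""
    hits = []
    for ev in events:
        if ev["EventID"] == 13:
            if RUN_KEY.search(ev["TargetObject"]) and \
                    USER_WRITABLE.search(ev["Details"]):
                hits.append(("run_key_persistence", ev["Image"],
                             ev["TargetObject"]))
        elif ev["EventID"] == 3:
            if ev["DestinationHostname"].lower() == iocs["host"] and \
                    ev["DestinationPort"] == iocs["port"]:
                hits.append(("agenttesla_ftp_exfil", ev["Image"],
                             f'{ev["DestinationHostname"]}:{ev["DestinationPort"]}'))
    return hits


if __name__ == "__main__":
    iocs = iocs_from_config(parse_config(RAW_CONFIG))
    print("IOCs:", iocs)
    for rule, image, evidence in match_events(EVENTS, iocs):
        print(f"[{rule}] {image} -> {evidence}")
```

The SetThreadContext signature is deliberately left out of the event checks: Sysmon does not log that call, so on a production host it would have to come from an EDR API-hook telemetry source rather than from these event IDs. The Run-key check also ignores the hive prefix on purpose, since the same key can show up under HKCU, HKLM or HKU\<SID> depending on how the value was written.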