General
Target: SecuriteInfo.com.Trojan.Win32.Save.a.14998.30223
Size: 877KB
Sample: 210727-fnjb9ghsdn
MD5: 62b3afbdddfb88d96f76df2afd3bd8f2
SHA1: 02d47da3c2f80960e94abbd69a316c0ef9cbc298
SHA256: 232d3e2c32dfde5713153e9ba4a2c08b6e51766f5eef4575a821410edef4a495
SHA512: 4b1838c2bf67f7d567d2276b06aa5b4797ef017f0c1208307ebc0a13bd344ff6d2a81e96c7daf89c8f9c5c34a7141f7d936196792dc7aa79a86b370c9b6eba44
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Trojan.Win32.Save.a.14998.30223.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Trojan.Win32.Save.a.14998.30223.exe
  Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: uscentral50.myserverhosts.com
Port: 587
Username: sales@radheatwaters.com
Password: waters@789
Targets
Target: SecuriteInfo.com.Trojan.Win32.Save.a.14998.30223
Size: 877KB
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
Drops file in Drivers directory
Adds Run key to start application
Suspicious use of SetThreadContext