General
Target: 91be015e2c0c979a2a5b84fc81164538
Size: 766KB
Sample: 210727-hpzz692k3n
MD5: 91be015e2c0c979a2a5b84fc81164538
SHA1: 14b768716368e0dbbd188d2aad80eaff8340f912
SHA256: 25ed1a3e7245151fbb0d15d7561a97be5d29c6571a8d6ccacfbaac4f22577f60
SHA512: adc479641a712764b71f26bc6f3f00c8e2959f29f645e8ed68a115a84afe583d7c72dcb47b99dc09007608c21cda27c99bc9946d3685fe486689dd8b4dd96c85
Static task
static1

Behavioral task
behavioral1
Sample: 91be015e2c0c979a2a5b84fc81164538.exe
Resource: win7v20210408

Behavioral task
behavioral2
Sample: 91be015e2c0c979a2a5b84fc81164538.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.cisburo.com
Port: 587
Username: elie@cisburo.com
Password: Essaab1967#
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

AgentTesla Payload

Adds Run key to start application

Suspicious use of SetThreadContext