General
- Target: fda.exe
- Size: 909KB
- Sample: 210727-r9bs1ry8ej
- MD5: 9988685bdb69c34939c270df2eff6d47
- SHA1: b4aa67fe963f14a8ac6220d8953960a86d7bcdd1
- SHA256: f367ab08d8884ebda2ca7101fa509d1216f66c9e788d1b729ce605959f2f57ca
- SHA512: c535fec6cffebc266858e46d6ef8b6405a2ac9e50d946d40faf64131eb866611d32b1d9906c70923f075d00e2e88c74afb284d198277c4ef0abaaa24ff9ded7b
Static task: static1
Behavioral task: behavioral1
  Sample: fda.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: fda.exe
  Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: faithkingsley@vivaldi.net
Password: kingsofkings123
Targets
- Target: fda.exe
- Size: 909KB
- MD5: 9988685bdb69c34939c270df2eff6d47
- SHA1: b4aa67fe963f14a8ac6220d8953960a86d7bcdd1
- SHA256: f367ab08d8884ebda2ca7101fa509d1216f66c9e788d1b729ce605959f2f57ca
- SHA512: c535fec6cffebc266858e46d6ef8b6405a2ac9e50d946d40faf64131eb866611d32b1d9906c70923f075d00e2e88c74afb284d198277c4ef0abaaa24ff9ded7b
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext