General
- Target: MACHINE SPECIFICATIONS.exe
- Size: 755KB
- Sample: 210727-zdvzsvvvzs
- MD5: 9ce7495a840078892fb01cdcd7001b63
- SHA1: b9cf3f26a8f077bca7513800b731e5b5d2ee8824
- SHA256: 7f37a6ecd3a5350ee65960da3f0e73780834539302dbc754ab8080df38778379
- SHA512: 83502d2e66be741738cede1b43b48ce3d11f1340c553dd30c859cdcab49fd45cefaee9657fae2bd496ffd853a565763accba4c691a5c9a7c0785ad08e02c4e49
Static task: static1
Behavioral task: behavioral1
- Sample: MACHINE SPECIFICATIONS.exe
- Resource: win7v20210408
Behavioral task: behavioral2
- Sample: MACHINE SPECIFICATIONS.exe
- Resource: win10v20210410
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://ftp.avonpharmacmachines.com/
- Port: 21
- Username: admin@avonpharmacmachines.com
- Password: ycULZlOO,T9=
Targets
- Target: MACHINE SPECIFICATIONS.exe
- Size: 755KB
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext