General
-
Target
CxpeXZz8sqMLITD.exe
-
Size
585KB
-
Sample
210728-msz8lzxpps
-
MD5
537ba3583e468298913b3e1ad70fafa6
-
SHA1
c4fbf3aff9091cde74c1c9e1821be59b60f7dc73
-
SHA256
7ef350d98e3a0e68b3738dd9f4659f5e39cb6787eaf504c3345d3bf6f5aaa294
-
SHA512
64f2cb3b7a53082cff970b6adfe1d1ddb6ad47af865010f395b18d9f9b9d88585d3edb7b29f73b353582a53c690e5d7636613560500d96adcc124734966b59a0
Static task
static1
Behavioral task
behavioral1
Sample
CxpeXZz8sqMLITD.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
CxpeXZz8sqMLITD.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.priserveinfra.com - Port:
587 - Username:
[email protected] - Password:
oppipl121019
Targets
-
-
Target
CxpeXZz8sqMLITD.exe
-
Size
585KB
-
MD5
537ba3583e468298913b3e1ad70fafa6
-
SHA1
c4fbf3aff9091cde74c1c9e1821be59b60f7dc73
-
SHA256
7ef350d98e3a0e68b3738dd9f4659f5e39cb6787eaf504c3345d3bf6f5aaa294
-
SHA512
64f2cb3b7a53082cff970b6adfe1d1ddb6ad47af865010f395b18d9f9b9d88585d3edb7b29f73b353582a53c690e5d7636613560500d96adcc124734966b59a0
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-