General
-
Target
2129-20 30% CLAIM - PO SPO21-01-072.exe
-
Size
713KB
-
Sample
210728-wxsz9gnwfn
-
MD5
24b0181283f32c69f89e64761c4f4cd9
-
SHA1
cae8734f820537adda23e7cf891ebcd92b0e4c1c
-
SHA256
11c57727c43aa2062fb4194e9df78a89a9482169f603f7ead5bdd77f2ccf69d6
-
SHA512
5600df81269b5c34f639c4ffe0cc3ad3438bdffdf1168384397503bba3a378af5c136e6e0c9ddacfa32dcdec6ccbfa87a68c4fe095017e525e0843b96da9b278
Static task
static1
Behavioral task
behavioral1
Sample
2129-20 30% CLAIM - PO SPO21-01-072.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
2129-20 30% CLAIM - PO SPO21-01-072.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.boikgold.com
Port: 587
Username: [email protected]
Password: iskraines@2017
Targets
-
-
Target
2129-20 30% CLAIM - PO SPO21-01-072.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-