General

Target: 70654 SSEBACT.r15 (RAR archive; unpacks to the 70654 SSEBACT.exe analysed under Targets)
Size: 465KB
Sample: 210915-gyrykadadl
MD5: bf143549606c95d3f42565a7966c4e4f
SHA1: b5a3c3c4f8e454a3cd8bf3a1dea4a6023b5852de
SHA256: ebc999fd981f9cea0d7d285e952ba232d95869b9ddfc33030b98deb0f782a07f
SHA512: b50da76438adcdd01e6f2d21f246902b9ef8fa2d8f9a7f8464fadffe98851d2cfdc72bec9d00e0cf786c3d038e7d3ae0de81416049fad09393d2fd3aceec6677
Static task: static1

Behavioral task: behavioral1
  Sample: 70654 SSEBACT.exe
  Resource: win7v20210408

Behavioral task: behavioral2
  Sample: 70654 SSEBACT.exe
  Resource: win10-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: uscentral50.myserverhosts.com
Port: 587
Username: sales@radheatwaters.com
Password: waters@789

These are the credentials of the sample's SMTP exfiltration channel: it authenticates to this mailbox on the mail-submission port (587) and emails the data it collects through it. The host, the account name and, where authentication is logged or inspected, the password are the most specific network indicators in this report.
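Hunting for this channel in captured or logged mail traffic, as an added example that is not part of the sandbox report: Agent Tesla's SMTP mode authenticates to the configured mailbox before sending, so the extracted username appears base64-encoded inside SMTP AUTH LOGIN or AUTH PLAIN. That is only visible where the session is not wrapped in TLS (on 587 STARTTLS is the norm) or where a mail gateway or TLS-inspecting proxy logs the authentication. The host, port and username below are the report's values; the session transcripts are constructed for the example.

```python
"""
Added example, not part of the sandbox report: decode SMTP AUTH from a
client-side session transcript and match it against the extracted
Agent Tesla config.  The transcripts are constructed; only the host, port
and username come from the report.
"""
import base64
from typing import Dict, List, Optional

# Indicators copied from the report's extracted config.
IOC: Dict[str, object] = {
    "host": "uscentral50.myserverhosts.com",
    "port": 587,
    "username": "sales@radheatwaters.com",
}

# Constructed client-side transcript using AUTH LOGIN (two challenge replies).
SAMPLE_SESSION = [
    "EHLO DESKTOP-1A2B3C",
    "AUTH LOGIN",
    base64.b64encode(b"sales@radheatwaters.com").decode(),
    base64.b64encode(b"waters@789").decode(),
    "MAIL FROM:<sales@radheatwaters.com>",
    "RCPT TO:<sales@radheatwaters.com>",
    "DATA",
]

# Constructed transcript using AUTH PLAIN with an initial response on the AUTH line.
SAMPLE_SESSION_PLAIN = [
    "EHLO DESKTOP-1A2B3C",
    "AUTH PLAIN " + base64.b64encode(b"\0sales@radheatwaters.com\0waters@789").decode(),
    "MAIL FROM:<sales@radheatwaters.com>",
]


def _b64(s: str) -> Optional[bytes]:
    """Strict base64 decode; returns None for anything that is not base64 (e.g. the '*' cancel)."""
    try:
        return base64.b64decode(s.strip(), validate=True)
    except ValueError:
        return None


def extract_smtp_auth(lines: List[str]) -> List[Dict[str, str]]:
    """Decode every AUTH LOGIN / AUTH PLAIN exchange in a client transcript.

    AUTH PLAIN carries base64(authzid NUL authcid NUL password), either on the
    AUTH line itself (initial response) or on the following line.  AUTH LOGIN
    sends the username and password as two separate base64 lines in reply to
    the server's challenges; the username may also ride on the AUTH line.
    """
    found: List[Dict[str, str]] = []
    i = 0
    while i < len(lines):
        parts = lines[i].split()
        if len(parts) < 2 or parts[0].upper() != "AUTH":
            i += 1
            continue
        mech = parts[1].upper()
        initial = parts[2] if len(parts) > 2 else None
        if mech == "PLAIN":
            blob = initial if initial is not None else (lines[i + 1] if i + 1 < len(lines) else "")
            raw = _b64(blob)
            if raw is not None and raw.count(b"\0") == 2:
                _authzid, user, pw = raw.split(b"\0")
                found.append({"mechanism": "PLAIN",
                              "username": user.decode("utf-8", "replace"),
                              "password": pw.decode("utf-8", "replace")})
            i += 1 if initial is not None else 2
        elif mech == "LOGIN":
            fields = [initial] if initial is not None else []
            j = i + 1
            while len(fields) < 2 and j < len(lines):
                fields.append(lines[j])
                j += 1
            decoded = [_b64(f) for f in fields]
            if len(decoded) == 2 and None not in decoded:
                found.append({"mechanism": "LOGIN",
                              "username": decoded[0].decode("utf-8", "replace"),
                              "password": decoded[1].decode("utf-8", "replace")})
            i = j
        else:
            i += 1  # CRAM-MD5, XOAUTH2 etc. do not expose the account name this way
    return found


def match_iocs(lines: List[str], dst_host: str, dst_port: int,
               ioc: Dict[str, object] = IOC) -> List[str]:
    """Return the reasons a session matches the extracted Agent Tesla config."""
    hits: List[str] = []
    if dst_host.rstrip(".").lower() == ioc["host"] and dst_port == ioc["port"]:
        hits.append(f"destination is the extracted C2 {ioc['host']}:{ioc['port']}")
    for cred in extract_smtp_auth(lines):
        if cred["username"].lower() == ioc["username"]:
            hits.append(f"SMTP AUTH {cred['mechanism']} as extracted username {cred['username']}")
    return hits


if __name__ == "__main__":
    for session in (SAMPLE_SESSION, SAMPLE_SESSION_PLAIN):
        for hit in match_iocs(session, "uscentral50.myserverhosts.com", 587):
            print("HIT:", hit)
```

The same decoding applies to proxy or mail-gateway logs that record the raw AUTH exchange; feeding each session's client lines to `extract_smtp_auth` and comparing the username against the config is enough to pick out infected hosts even when the message body was not retained.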
Targets

Target: 70654 SSEBACT.exe
Size: 641KB
MD5: 4e09874338d28600e8b84184f143bfe8
SHA1: 488979983bfa154fbb27563454e67903c37e16c3
SHA256: ca87f3892de6e488e61c352cafc36fc06d0d8b6eb9fc4d5429ff92038c4b134f
SHA512: d58e1582e77fff96197fd7a5d463249ab619a9455a6d1425fdc913f42ac3b60a7fd46ed0f11cac00aee8a97055d86842f7fed1f85cb5a11c59d66a702d7212b2
AgentTesla

Agent Tesla is a .NET-based (VB.NET) information stealer and remote access tool (RAT): it harvests saved credentials, keystrokes, clipboard contents and screenshots and exfiltrates them over SMTP, FTP or HTTP, which is why the configuration extracted from this sample is a mail account.

- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application (persistence through a CurrentVersion\Run value, so the payload is relaunched at logon)
- Suspicious use of SetThreadContext (characteristic of process hollowing / RunPE, where the loader maps the payload into a suspended process and redirects its main thread to it)
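Checking a host for the Run-key persistence this signature reports, as an added example that is not part of the sandbox report: the script below parses a .reg export of the HKCU/HKLM Run and RunOnce keys, unescapes each value, separates the executable from its arguments, expands environment variables and flags targets that are not absolute paths or that live in directories writable without elevation. The export, its value names and its paths are constructed for the example and are hypothetical, not taken from this sample.

```python
"""
Added example (not part of the sandbox report): triage Run-key autoruns from a
.reg export.  Only REG_SZ values are handled; hex(2) expand-strings and other
types are skipped.  The export and environment map below are constructed.
"""
import ntpath
import re
from typing import Dict, List, Tuple

RUN_KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+\\.*\\CurrentVersion\\Run(?:Once)?)\]$", re.I)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

# Directory markers favoured by droppers because any user can write there.
WRITABLE_MARKERS = ("\\appdata\\roaming\\", "\\appdata\\local\\",
                    "\\users\\public\\", "\\programdata\\", "\\windows\\temp\\")

# Constructed .reg export: two legitimate-looking entries, two suspicious ones.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"WindowsUpdate"="C:\\Users\\victim\\AppData\\Roaming\\MyApp\\MyApp.exe"
"Updater"="%APPDATA%\\Updater\\update.exe -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
'''
SAMPLE_ENV = {"APPDATA": r"C:\Users\victim\AppData\Roaming"}  # constructed


def _unescape_reg(s: str) -> str:
    """Undo .reg escaping: a backslash before a quote or a backslash is a literal."""
    return re.sub(r'\\(["\\])', r"\1", s)


def parse_reg_export(text: str) -> List[Dict[str, str]]:
    """Return {key, name, command} for every string value under a Run/RunOnce key."""
    entries: List[Dict[str, str]] = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            m = RUN_KEY_RE.match(line)
            current_key = m.group(1) if m else None  # values under other keys are ignored
            continue
        m = VALUE_RE.match(line)
        if current_key and m:
            entries.append({"key": current_key,
                            "name": _unescape_reg(m.group(1)),
                            "command": _unescape_reg(m.group(2))})
    return entries


def expand_env(s: str, env: Dict[str, str]) -> str:
    """Expand %VAR% references from env; unknown variables are left untouched."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), s)


def split_command(cmd: str) -> Tuple[str, str]:
    """Split a Run value into (executable, arguments).

    A quoted path runs to the closing quote; an unquoted one is cut at the
    first space, the first candidate CreateProcess tries for such a path.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    if not parts:
        return "", ""
    return parts[0], (parts[1] if len(parts) > 1 else "")


def triage_autoruns(reg_text: str, env: Dict[str, str]) -> List[Dict[str, object]]:
    """Flag entries whose target is not absolute or sits in a user-writable directory."""
    findings: List[Dict[str, object]] = []
    for entry in parse_reg_export(reg_text):
        exe, args = split_command(expand_env(entry["command"], env))
        norm = ntpath.normpath(exe).lower()
        reasons = []
        if not ntpath.isabs(norm):
            reasons.append("target is not an absolute path (resolved through PATH)")
        for marker in WRITABLE_MARKERS:
            if marker in norm:
                reasons.append("target under user-writable directory " + marker)
                break
        if reasons:
            findings.append({"key": entry["key"], "name": entry["name"],
                             "exe": exe, "args": args, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_autoruns(SAMPLE_REG, SAMPLE_ENV):
        print(f"{f['key']}\\{f['name']}: {f['exe']} -> {'; '.join(f['reasons'])}")
```

On a live host the export comes from `reg export` of each Run/RunOnce key (HKCU and HKLM, plus the Wow6432Node variants on 64-bit systems); flagged targets are then worth hashing against the SHA256 values listed above and checking for a signature.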