General
Target
SOA for V.R at USD.TAR
Size
452KB
Sample
210915-hel4msaaa4
MD5
023205f2977dd592a40fbd92d5048b3e
SHA1
e8a74000466d6409811b0bb96c2d320be7788987
SHA256
4f976e5d04ffcf22b41a03dcb02dd087b65516866d5d596e6203846f303508f8
SHA512
664cabf78c6d08484d45bc599a77a72697b02238f0583970a78cb66a5ff7706c6d0809d8aa2efd9fc271d5be58f5ed7bcecb9efd4c4470b9160c450832f97bc8
Static task
static1
Behavioral task
behavioral1
Sample
SOA for V.R at USD.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
SOA for V.R at USD.exe
Resource
win10-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.odessabd.com
Port: 587
Username: compliance2@odessabd.com
Password: abc321
Targets
Target
SOA for V.R at USD.exe
Size
525KB
MD5
0089096879cc5e90ef04d7358eca283a
SHA1
758391d396000daf311cca9c6dc5488ccae3cef0
SHA256
969ac78f2005f38fada828fd8271a8c0113ac67b9c40606fa19781f6d8fb5355
SHA512
81f2281af773f7efe0e0c88009499ab3d75c9bea82f14750b64b791c8e9ce8d405361a2c3081df2ed77556342bf1b26c975de0e9a68bfb5b83c47d8dd86b224b
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET. This sample exfiltrates over SMTP using the mailbox credentials in the extracted config above, so the host, port and username there are the actionable network indicators.
Signatures
AgentTesla Payload
Drops file in Drivers directory
Adds Run key to start application (registry Run-key persistence)
Suspicious use of SetThreadContext (thread-context manipulation of the kind used for process hollowing and other code injection)
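The report gives two kinds of indicator a responder can act on immediately: the SHA-256 of the .TAR lure and of the .exe inside it, and the SMTP server, port and mailbox the sample uses for exfiltration. The script below turns both into an offline checker. It is an added example, not part of the sandbox report or of Agent Tesla itself; the key=value egress log format and the log lines are constructed for illustration, and the TAR it builds contains a dummy file, not the real sample.

```python
"""Offline IOC checker built from the AgentTesla report above.

Added example, not the sandbox's own code. The log format, the log lines and
the TAR contents are constructed; only the hashes and SMTP config are from
the report.
"""
import hashlib
import io
import re
import tarfile

# Indicators copied verbatim from the report (sandbox-extracted config and hashes).
SHA256_IOCS = {
    "4f976e5d04ffcf22b41a03dcb02dd087b65516866d5d596e6203846f303508f8": "SOA for V.R at USD.TAR",
    "969ac78f2005f38fada828fd8271a8c0113ac67b9c40606fa19781f6d8fb5355": "SOA for V.R at USD.exe",
}
EXFIL_HOST = "mail.odessabd.com"
EXFIL_PORT = 587
EXFIL_USER = "compliance2@odessabd.com"


def hash_tar_members(tar_bytes):
    """Map each regular file inside a TAR blob to its SHA-256 hex digest.

    The report lists hashes for both the .TAR lure and the .exe inside it, so an
    archive pulled from mail quarantine should be checked at both levels.
    """
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        for member in tf.getmembers():
            if member.isfile():
                data = tf.extractfile(member).read()
                digests[member.name] = hashlib.sha256(data).hexdigest()
    return digests


def match_hashes(digests):
    """Return {member_name: ioc_label} for entries whose SHA-256 is a known IOC."""
    return {name: SHA256_IOCS[h] for name, h in digests.items() if h in SHA256_IOCS}


# Hypothetical key=value egress log format (assumption; adapt to your firewall/proxy).
KV_RE = re.compile(r"(\w+)=(\S+)")


def find_exfil_attempts(log_lines):
    """Flag connections matching the extracted SMTP exfiltration config.

    Two independent signals are checked: the destination host name, and the
    stolen mailbox username authenticating on port 587. Either alone raises a
    hit, because the host may only appear as a resolved IP in some logs, while
    the port/user pair is specific to this sample's configuration.
    """
    hits = []
    for line in log_lines:
        fields = dict(KV_RE.findall(line))
        reasons = []
        if fields.get("dst_host") == EXFIL_HOST:
            reasons.append("dst_host matches AgentTesla SMTP host")
        if fields.get("dst_port") == str(EXFIL_PORT) and fields.get("user") == EXFIL_USER:
            reasons.append("SMTP AUTH with exfil account on port 587")
        if reasons:
            hits.append((fields.get("ts"), fields.get("src"), reasons))
    return hits


# Constructed sample log lines (not from the report); one benign, three that should fire.
SAMPLE_LOG = [
    "ts=2021-09-15T10:01:02Z src=10.0.0.7 dst_host=smtp.office365.com dst_port=587 user=alice@corp.example",
    "ts=2021-09-15T10:02:11Z src=10.0.0.7 dst_host=mail.odessabd.com dst_port=587 user=compliance2@odessabd.com",
    "ts=2021-09-15T10:02:30Z src=10.0.0.9 dst_host=mail.odessabd.com dst_port=25",
    "ts=2021-09-15T10:03:45Z src=10.0.0.12 dst_host=203.0.113.9 dst_port=587 user=compliance2@odessabd.com",
]


def build_sample_tar():
    """Constructed TAR holding a dummy file named like the report's inner sample."""
    buf = io.BytesIO()
    payload = b"not the real sample"
    with tarfile.open(fileobj=buf, mode="w") as tf:
        info = tarfile.TarInfo("SOA for V.R at USD.exe")
        info.size = len(payload)
        tf.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


if __name__ == "__main__":
    for ts, src, reasons in find_exfil_attempts(SAMPLE_LOG):
        print(ts, src, "; ".join(reasons))
    digests = hash_tar_members(build_sample_tar())
    print("IOC matches in constructed tar:", match_hashes(digests) or "none")
```

The host-name and username checks are deliberately independent: a DNS-based block on mail.odessabd.com catches the first signal, while the second still fires if the malware is pointed at the same mailbox through a different MX or the log only records the resolved IP. The dummy TAR shows the hashing path working end to end; feeding it the real archive would match both the outer and inner IOC.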