General
Target: SOA for V.R at USD.exe
Size: 525KB
Sample: 210915-hel4msaaa5
MD5: 0089096879cc5e90ef04d7358eca283a
SHA1: 758391d396000daf311cca9c6dc5488ccae3cef0
SHA256: 969ac78f2005f38fada828fd8271a8c0113ac67b9c40606fa19781f6d8fb5355
SHA512: 81f2281af773f7efe0e0c88009499ab3d75c9bea82f14750b64b791c8e9ce8d405361a2c3081df2ed77556342bf1b26c975de0e9a68bfb5b83c47d8dd86b224b
Static task: static1
Behavioral task: behavioral1
  Sample: SOA for V.R at USD.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: SOA for V.R at USD.exe
  Resource: win10-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.odessabd.com
Port: 587
Username: compliance2@odessabd.com
Password: abc321
Targets
Target: SOA for V.R at USD.exe
Size: 525KB
MD5: 0089096879cc5e90ef04d7358eca283a
SHA1: 758391d396000daf311cca9c6dc5488ccae3cef0
SHA256: 969ac78f2005f38fada828fd8271a8c0113ac67b9c40606fa19781f6d8fb5355
SHA512: 81f2281af773f7efe0e0c88009499ab3d75c9bea82f14750b64b791c8e9ce8d405361a2c3081df2ed77556342bf1b26c975de0e9a68bfb5b83c47d8dd86b224b
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext