General
- Target: 69a4737ab33facc809457a6bfa0aa2f2.exe
- Size: 652KB
- Sample: 210920-wnnwgsegc3
- MD5: 69a4737ab33facc809457a6bfa0aa2f2
- SHA1: 2dcedfdbcf527eb6680b4c4bce6f791b2681cae3
- SHA256: cde036f2afa7aab3e775edf993ec455176f25bba3dd9440d0853945e425131a3
- SHA512: 08392e93d26da7a82e579fd53f9c0808cf081f970e36d3cd53f04c588d3f7fe6b5dbe837b521f8ff135399799fa9aa109d7f4772c56f0bc6fd4fe0349f85a367
Static task: static1
Behavioral task: behavioral1
- Sample: 69a4737ab33facc809457a6bfa0aa2f2.exe
- Resource: win7v20210408
Behavioral task: behavioral2
- Sample: 69a4737ab33facc809457a6bfa0aa2f2.exe
- Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: CXXOxCs5
Targets
- Target: 69a4737ab33facc809457a6bfa0aa2f2.exe (size and hashes as listed under General)
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Modifies system executable filetype association
- Neshta
  Malware from the Neshta family infects other files in order to spread and cause damage.
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext