General
-
Target
201586.exe
-
Size
795KB
-
Sample
211018-z42n3afgdm
-
MD5
8a6465a960395e718b9489c5738a1714
-
SHA1
fc72045fbc8157ed4035d53f12cf36738ecad644
-
SHA256
fe8fd282bdc1f838ff2dad9b56b6bd615fb7f76fa69775c5afd5ee204dd007f6
-
SHA512
7918da056a93b0e03dd79f18fd6f6360ca945342619cee7f19329069ad9c495947de345dca6b7aaea27184574056b80ae5add6079e0f7e57f33de0121f68c7b9
Static task
static1
Behavioral task
behavioral1
Sample
201586.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
201586.exe
Resource
win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.merchantexint.com - Port:
587 - Username:
[email protected] - Password:
merW&13@
Targets
-
-
Target
201586.exe
-
Size
795KB
-
MD5
8a6465a960395e718b9489c5738a1714
-
SHA1
fc72045fbc8157ed4035d53f12cf36738ecad644
-
SHA256
fe8fd282bdc1f838ff2dad9b56b6bd615fb7f76fa69775c5afd5ee204dd007f6
-
SHA512
7918da056a93b0e03dd79f18fd6f6360ca945342619cee7f19329069ad9c495947de345dca6b7aaea27184574056b80ae5add6079e0f7e57f33de0121f68c7b9
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-