General
- Target: Specifications.zip
- Size: 429KB
- Sample: 211021-hmf8cshhh5
- MD5: c1d72c9054f4f86c5668869b3bf266d0
- SHA1: fcb4a772da2c1a59eb0c3a69873d7d2041adb892
- SHA256: 014853661f6a4c200fd91f25e8d4fee1acc69746a92d42b5dd5c8a235d30bf65
- SHA512: 212f1011aa467986171d85e4137bb71f13c8acff7b2e083e41e30607e990e3c5a1f7d03f54179871e59523bdbfb0ece4c05da11a758782ecb18fb9c537700008
Static task
- static1
Behavioral task
- behavioral1
  Sample: Specifications/Specifications.exe
  Resource: win7-en-20211014
Behavioral task
- behavioral2
  Sample: Specifications/Specifications.exe
  Resource: win10-en-20210920
Malware Config
Extracted
- agenttesla
  Protocol: ftp
  Host: ftp://ftp.northsrockusa.com/
  Port: 21
  Username: admin@northsrockusa.com
  Password: VoX,U=~j}n-V
Targets
- Target: Specifications/Specifications.exe
- Size: 643KB
- MD5: aa7c28ff29133cf0081cfc242cde4d2d
- SHA1: 1b6394622652010c90144992c6968efcfa97a114
- SHA256: 11e49b27ba39c927e8d09de369ffb5d534507616a53446ca12dcc535338ebd63
- SHA512: af5652c38e0a0d287d66b536bb014ac8d42665fbf030fdcdb3cc5c77e223f6512a18dc000af5e24f7e65a80d93109213596f856ed491b7fc5d3e26029cbe11a0
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext