General
Target: RESITECH_0814PDF.iso
Size: 838KB
Sample: 211116-kvfynsdab8
MD5: 756cb5dc58165475627876cf039d6280
SHA1: 89505c09c14c352866f96b0699ad6af8754b4e3c
SHA256: 8245ea5bec7122e3062a367366b4019ccddd5dc170957cb13f9e34c916fdd97b
SHA512: 1ca22568fcdfe44e530be534ab3d6e3935a34d760edff314d81779d7212113287528a6e4d90f66104d7573fb41fac9b0d643ce74f7d0d42d7fa3c603391ca91e
Static task: static1
Behavioral task: behavioral1
  Sample: RESITECH_0814PDF.exe
  Resource: win7-en-20211104
Behavioral task: behavioral2
  Sample: RESITECH_0814PDF.exe
  Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.hdconstruct.ro/
Port: 21
Username: FTPAdmin@hdconstruct.ro
Password: 5R)XZ2Xqis2HZ7p[d6+Oe!0i^C85CQ]uD68jNN@ossy~wH-(ie^9O2(001174?skX%ouFto
Targets
Target: RESITECH_0814PDF.exe
Size: 777KB
MD5: 0f30b7a70e8e6ec8762bdad8441d0a61
SHA1: dbf9cae17ee058d9e5181c51b9047e350bc1fcf2
SHA256: 086ea860e6e2344c086ab361f6374d8c92165767416a72962823956e195ab770
SHA512: 031bd16b0bba3641aac630b4874148833cf6fed4930ee9a7bcef80c47319691065285e7e706c666bb83be4b00ff8842dbd58372404f116985ab51136d95fb520
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext