General
Target: 304b4864421a6e2f8738293d33a22386.exe
Size: 654KB
Sample: 211201-j8szqadhg4
MD5: 304b4864421a6e2f8738293d33a22386
SHA1: 8544125f97197ff0cc552dade97c894d258c89d0
SHA256: d9c6cc74736a6ffeb3dd869fc8db8c845d0300b6f3302c688a3b78a79f16cd13
SHA512: a6f914c62a81f4689992ad04da4a9e07ed541f211224552bacdaf06a533bb2a4a30201d7ab85eee951d6d1ef0237fadaee9183dde5975b67fe35da33544fd8e3
Static task: static1
Behavioral task: behavioral1
  Sample: 304b4864421a6e2f8738293d33a22386.exe
  Resource: win7-en-20211104
Behavioral task: behavioral2
  Sample: 304b4864421a6e2f8738293d33a22386.exe
  Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.videoalliance.ru/
Port: 21
Username: pleaseworkwell@videoalliance.ru
Password: xq0~K^xsfq08
These are the attacker-controlled exfiltration credentials embedded in the sample. Treat the host, account name and port as indicators for detection and blocking, not as something to log in to.
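As an added example (not part of the sandbox report), the following Python turns the extracted FTP configuration into usable detection material: it parses the report's flattened "Key: value - Key: value" dump into typed fields, emits two Suricata rules (a DNS lookup of the exfil host and the FTP USER login), and runs those indicators over a few log lines. The embedded RAW_CONFIG string is a copy of the report's config text; the log lines, IP addresses and rule SIDs are constructed for the example and carry no meaning of their own.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Copy of the report's flattened AgentTesla config dump (fields are joined with
# " - ", sometimes with the hyphen glued to the preceding value, e.g. "ftp- Host:").
RAW_CONFIG = """agenttesla
Protocol: ftp- Host:
ftp://ftp.videoalliance.ru/ - Port:
21 - Username:
pleaseworkwell@videoalliance.ru - Password:
xq0~K^xsfq08"""

# Constructed log lines for the matcher (not from the sandbox run); the IPs are
# private / RFC 5737 documentation addresses chosen only for illustration.
SAMPLE_LOG = [
    "2021-12-01T10:00:01Z 10.0.0.5 -> 10.0.0.53:53 dns query ftp.videoalliance.ru",
    "2021-12-01T10:00:02Z 10.0.0.5 -> 203.0.113.10:21 ftp USER pleaseworkwell@videoalliance.ru",
    "2021-12-01T10:00:02Z 10.0.0.5 -> 203.0.113.10:21 ftp PASS ********",
    "2021-12-01T10:00:05Z 10.0.0.7 -> 198.51.100.4:21 ftp USER backup",
    "2021-12-01T10:00:09Z 10.0.0.7 -> 10.0.0.53:53 dns query www.example.com",
]


@dataclass(frozen=True)
class ExfilConfig:
    family: str
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(raw: str) -> ExfilConfig:
    """Turn the flattened 'Key: value - Key: value' dump into typed fields.

    Splits only on hyphens that are followed by a 'Key:' token, so hyphens inside
    values (hostnames, passwords) survive. A password containing the literal
    sequence ' - Word:' would still confuse this; compare the password field with
    the raw dump if it looks truncated.
    """
    lines = raw.strip().splitlines()
    family = lines[0].strip()
    body = " ".join(line.strip() for line in lines[1:])
    fields = {}
    for part in re.split(r"\s*-\s*(?=[A-Za-z]+:)", body):
        key, _, value = part.partition(":")
        fields[key.strip().lower()] = value.strip()
    # The host is given as a URL; keep only the hostname for matching.
    host = urlparse(fields["host"]).hostname or fields["host"].rstrip("/")
    return ExfilConfig(
        family=family,
        protocol=fields["protocol"],
        host=host,
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


def suricata_rules(cfg: ExfilConfig, sid_base: int = 1000001) -> list[str]:
    """Emit two Suricata rules: a DNS lookup of the exfil host and the FTP login.

    SIDs are placeholders; take them from your local range before deploying.
    The password is deliberately kept out of the rules: it would ship the
    credential to every sensor and adds nothing over the USER match.
    """
    dns_rule = (
        f'alert dns any any -> any any (msg:"{cfg.family} exfil host lookup {cfg.host}"; '
        f'dns.query; content:"{cfg.host}"; nocase; '
        f'classtype:trojan-activity; sid:{sid_base}; rev:1;)'
    )
    ftp_rule = (
        f'alert tcp any any -> any {cfg.port} (msg:"{cfg.family} FTP exfil login {cfg.username}"; '
        f'flow:to_server,established; content:"USER "; depth:5; '
        f'content:"{cfg.username}"; distance:0; '
        f'classtype:trojan-activity; sid:{sid_base + 1}; rev:1;)'
    )
    return [dns_rule, ftp_rule]


def match_log(cfg: ExfilConfig, lines: list[str]) -> list[tuple[str, str]]:
    """Return (line, reason) for log lines that touch the exfil account or host.

    The username is checked first so a line carrying both indicators is
    reported once, as the more specific hit.
    """
    hits = []
    for line in lines:
        if f"USER {cfg.username}" in line:
            hits.append((line, "username"))
        elif cfg.host.lower() in line.lower():
            hits.append((line, "host"))
    return hits


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(cfg)
    for rule in suricata_rules(cfg):
        print(rule)
    for line, reason in match_log(cfg, SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

The DNS rule catches the resolution step even when the FTP session is never completed (sandbox timeouts, egress blocked), while the FTP rule keys on the account name rather than the server IP, which the report does not give and which the operator can change without touching the binary.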
Targets
- Target: 304b4864421a6e2f8738293d33a22386.exe
  Size: 654KB
  MD5: 304b4864421a6e2f8738293d33a22386
  SHA1: 8544125f97197ff0cc552dade97c894d258c89d0
  SHA256: d9c6cc74736a6ffeb3dd869fc8db8c845d0300b6f3302c688a3b78a79f16cd13
  SHA512: a6f914c62a81f4689992ad04da4a9e07ed541f211224552bacdaf06a533bb2a4a30201d7ab85eee951d6d1ef0237fadaee9183dde5975b67fe35da33544fd8e3
- AgentTesla: Agent Tesla is a .NET remote access tool (RAT) and credential stealer. It exfiltrates harvested data over SMTP, FTP or HTTP(S), among other channels; the FTP configuration extracted above is that channel for this sample.
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation. Agile.Net operates on .NET assemblies, so this finding is consistent with the family identification.
- Accesses Microsoft Outlook profiles: Outlook profile data in the user's registry hive holds mail account settings and saved credentials, so this access is consistent with the family's mail credential theft.
- Suspicious use of SetThreadContext: SetThreadContext rewrites the register state of a (suspended) thread. Outside a debugger it is a common step of process hollowing or thread hijacking, used to start injected code. The report records the API use only; which process was targeted is not shown here.