General
- Target: a9628ff6eda4ed57330eef0ff7f15959d359e71e5c800a27a701f50a8719a4af.bin.sample
- Size: 256KB
- Sample: 211210-saylzsghd7
- MD5: d7d813645cecc8027b3a2313feafc1b1
- SHA1: 082f8cd29df71c1bd39a274b37c2e89a64674328
- SHA256: a9628ff6eda4ed57330eef0ff7f15959d359e71e5c800a27a701f50a8719a4af
- SHA512: 66ed6918af17984b70bc76795dceed215636b7f1a19c7994368fdd694fe761577054a80673342b1f1ba6731910056fd135aa521321594c9702057d3805650158
Static task: static1
Behavioral task: behavioral1
- Sample: a9628ff6eda4ed57330eef0ff7f15959d359e71e5c800a27a701f50a8719a4af.bin.sample.exe
- Resource: win7-en-20211208
Behavioral task: behavioral2
- Sample: a9628ff6eda4ed57330eef0ff7f15959d359e71e5c800a27a701f50a8719a4af.bin.sample.exe
- Resource: win10-en-20211208
Malware Config
- Extracted family: agenttesla
- Extracted URL: http://103.207.39.131/11/inc/cef561611cabf3.php
Targets
- Target: a9628ff6eda4ed57330eef0ff7f15959d359e71e5c800a27a701f50a8719a4af.bin.sample
- Size: 256KB
- MD5: d7d813645cecc8027b3a2313feafc1b1
- SHA1: 082f8cd29df71c1bd39a274b37c2e89a64674328
- SHA256: a9628ff6eda4ed57330eef0ff7f15959d359e71e5c800a27a701f50a8719a4af
- SHA512: 66ed6918af17984b70bc76795dceed215636b7f1a19c7994368fdd694fe761577054a80673342b1f1ba6731910056fd135aa521321594c9702057d3805650158
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Modifies system executable filetype association
- Neshta: Malware from the Neshta family is designed to infect other files with copies of itself in order to spread and cause damage.
- AgentTesla Payload
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles