General
Target: b3a27137bfa9f92fe6b4cc7f0aaf08f4
Size: 610KB
Sample: 220208-kz2qyafbb8
MD5: b3a27137bfa9f92fe6b4cc7f0aaf08f4
SHA1: 266e5d674bd1fe6135bd74658bb8a1d58777bbe0
SHA256: 37c712662321d51383b50cc3973ba187706384859c6ff4f9e43e8be3c9e6dfe4
SHA512: 2aec6a1ffd6a1df55ca456ed80b42b28f10f98ab11ab1cfefad29529037e433a7cb527ab081fbcddcf38c70adf2b0bbb484e936f42a5720fbfc2943b7d96a37a
Static task: static1
Behavioral task: behavioral1
Sample: b3a27137bfa9f92fe6b4cc7f0aaf08f4.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: b3a27137bfa9f92fe6b4cc7f0aaf08f4.exe
Resource: win10v2004-en-20220113
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://nanyainc.cf/
Port: 21
Username: [email protected]
Password: 7qB+iH=KrUUT
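The extracted configuration is the actionable part of this report: the FTP host, port and account are what the stealer uses to exfiltrate harvested credentials, so they are the indicators to block and hunt for. The following is an added example, not code from the sandbox or from the report, that parses the flattened Protocol/Host/Port/Username/Password layout shown above into a structured record and derives the network indicator from it. The field names come from the report; the sample string is constructed to mirror the page's layout, with the username left redacted exactly as the page shows it. It splits on the known labels rather than on the `-` separator, because a host, username or password may itself contain `-`.

```python
"""Parse the flattened Agent Tesla C2 configuration shown in the Malware Config
section into a structured IOC record.

Added example, not code from the sandbox or from the report: the field names
(Protocol, Host, Port, Username, Password) come from the report; the sample
string below is constructed to mirror the page's flattened layout, with the
username left redacted exactly as the page shows it."""
import re
from typing import Dict, List
from urllib.parse import urlparse

FIELDS = ("Protocol", "Host", "Port", "Username", "Password")
LABEL_RE = re.compile(r"(%s):\s*" % "|".join(FIELDS))

# Constructed sample in the same flattened shape as the report.
SAMPLE_CONFIG = ("Protocol: ftp- Host: ftp://nanyainc.cf/ - Port: 21 "
                 "- Username: [email protected] - Password: 7qB+iH=KrUUT")


def parse_config(text: str) -> Dict[str, str]:
    """Split on the known field labels rather than on '-': a host, username
    or password may legitimately contain '-', and the page's layout only
    guarantees a '-' between fields, not inside them."""
    labels = list(LABEL_RE.finditer(text))
    cfg: Dict[str, str] = {}
    for i, m in enumerate(labels):
        stop = labels[i + 1].start() if i + 1 < len(labels) else len(text)
        value = text[m.end():stop].strip()
        if i + 1 < len(labels):
            # Drop only the separator that precedes the next label; the last
            # field has no separator after it, so it is kept verbatim.
            value = re.sub(r"\s*-$", "", value)
        cfg[m.group(1).lower()] = value
    return cfg


def network_indicators(cfg: Dict[str, str]) -> Dict[str, object]:
    """Derive the blockable network indicator from the parsed config. The
    Host field may be a bare hostname or a URL, so normalise via urlparse."""
    proto = cfg.get("protocol", "").lower()
    host = cfg.get("host", "")
    url = host if "://" in host else f"{proto}://{host}"
    parsed = urlparse(url)
    port_field = cfg.get("port", "")
    port = int(port_field) if port_field.isdigit() else parsed.port
    return {"protocol": proto, "hostname": parsed.hostname, "port": port,
            "credentials": (cfg.get("username", ""), cfg.get("password", ""))}


def blocklist_lines(cfg: Dict[str, str]) -> List[str]:
    """Render the indicator as lines a practitioner would paste into a
    blocklist or hunt query (bare hostname, then host:port/protocol)."""
    ind = network_indicators(cfg)
    return [f"{ind['hostname']}", f"{ind['hostname']}:{ind['port']}/{ind['protocol']}"]


if __name__ == "__main__":
    parsed = parse_config(SAMPLE_CONFIG)
    for k, v in parsed.items():
        print(f"{k:<9} {v}")
    print("\n".join(blocklist_lines(parsed)))
```

Beyond blocking the host, the credentials themselves are worth keeping: the same FTP account is typically shared across every build of that operator's campaign, so a login to this account from any host in the estate is a reliable sign of a second infection.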
Targets
Target: b3a27137bfa9f92fe6b4cc7f0aaf08f4
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic (.NET); the FTP account in the extracted configuration above is its exfiltration channel.
Modifies system executable filetype association
Neshta
Neshta is a file infector: it writes its own body into other executables to spread, and changes the .exe file association so that its dropped copy runs whenever a program is launched, which is what the filetype-association signature above reflects. Its presence here means the Agent Tesla sample was itself infected by Neshta before distribution, so the host may end up with both families.
AgentTesla Payload
Executes dropped EXE
Checks computer location settings
Looks up the country code configured in the registry, most likely for geofencing.
Loads dropped DLL
Suspicious use of SetThreadContext
Typical of process hollowing: a process is started suspended, its image is replaced with the payload, and its thread context is redirected to the new entry point.
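The two behaviours most worth turning into detections from the list above are the change to the .exe file association and the execution of a dropped binary from a user-writable directory, because together they give a high-confidence signal that survives any change in hashes. The following is an added example, not from the sandbox and not a vendor rule, that runs that logic over constructed registry value-set events in a Sysmon Event ID 13-like `key=value` shape. The event layout, the Windows default command value `"%1" %*` and the dropper path are assumptions of this example, not taken from the report; it deliberately does not alert when the value is written back to the default, since that is how an administrator repairs the association.

```python
"""Flag hijacks of the .exe file association (the 'Modifies system executable
filetype association' behaviour listed above) in registry value-set events,
and raise severity when the writer runs from a user-writable path (the
'Executes dropped EXE' behaviour).

Added example, not from the sandbox and not a vendor rule. The event lines are
constructed in a Sysmon Event ID 13-like 'key=value' shape; that layout, the
default command value '"%1" %*' and the dropper path are assumptions of this
example, not taken from the report."""
import re
from typing import Dict, List, Optional

DEFAULT_EXE_COMMAND = '"%1" %*'  # Windows default for the exefile open command

# The same key is visible through several hive views: HKCR\exefile,
# HKLM\SOFTWARE\Classes\exefile and HKU\<SID>\Software\Classes\exefile,
# so match on the key tail rather than on a fixed hive prefix.
EXEFILE_CMD_RE = re.compile(r"\\exefile\\shell\\open\\command$", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.IGNORECASE)
EVENT_RE = re.compile(r"EventID=(\d+) Image=(\S+) TargetObject=(\S+)(?: Details=(.*))?$")

SAMPLE_EVENTS = [  # constructed, not captured from the sandbox run
    r'EventID=13 Image=C:\Windows\explorer.exe TargetObject=HKLM\SOFTWARE\Classes\txtfile\shell\open\command Details=%SystemRoot%\system32\NOTEPAD.EXE %1',
    r'EventID=13 Image=C:\Users\victim\AppData\Local\Temp\b3a27137bfa9f92fe6b4cc7f0aaf08f4.exe TargetObject=HKLM\SOFTWARE\Classes\exefile\shell\open\command Details=C:\Users\victim\AppData\Local\Temp\dropper.exe "%1" %*',
    r'EventID=13 Image=C:\Windows\regedit.exe TargetObject=HKU\S-1-5-21-1\Software\Classes\exefile\shell\open\command Details="%1" %*',
    r'EventID=12 Image=C:\Windows\explorer.exe TargetObject=HKCR\exefile\shell\open\command',
]


def parse_event(line: str) -> Optional[Dict[str, object]]:
    """Parse one constructed event line; returns None for lines that do not
    fit the assumed layout so the detector can skip them."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    return {"event_id": int(m.group(1)), "image": m.group(2),
            "target": m.group(3), "details": m.group(4)}


def detect_exefile_hijack(lines: List[str]) -> List[Dict[str, object]]:
    """Alert on every value-set (ID 13) that points the exefile open command
    anywhere other than the Windows default. Writing the default back is how
    an admin repairs the association and is deliberately not alerted."""
    alerts: List[Dict[str, object]] = []
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev["event_id"] != 13:
            continue
        if not EXEFILE_CMD_RE.search(str(ev["target"])):
            continue
        details = str(ev["details"] or "").strip()
        if details == DEFAULT_EXE_COMMAND:
            continue
        image = str(ev["image"])
        dropped = USER_WRITABLE_RE.search(image) is not None
        alerts.append({"image": image, "target": ev["target"], "new_command": details,
                       "from_user_writable_path": dropped,
                       "severity": "high" if dropped else "medium"})
    return alerts


if __name__ == "__main__":
    for a in detect_exefile_hijack(SAMPLE_EVENTS):
        print(a["severity"], a["image"], "->", a["new_command"])
```

On a live host the same check can be made directly: read the default value of `exefile\shell\open\command` and compare it with `"%1" %*`; anything else means every program launch is being routed through a third-party binary, and the path in the value is the file to collect.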