General
- Target: 4313df6bee4e6025934ff76ed2f7c8924b85f71b029060eede7f66d4b96eb027
- Size: 470KB
- Sample: 220521-bbgw7abfc9
- MD5: 4ce44f37fc25f9392670b5d66a6c6ac8
- SHA1: 11aeb44c9cc2f68ff24f02f90d0b5807ec1fc1f2
- SHA256: 4313df6bee4e6025934ff76ed2f7c8924b85f71b029060eede7f66d4b96eb027
- SHA512: b97bf725e36c25805716de625577f656aa41b2e566f4f456ac8006ae62ffc6243a9f44c6de088fc9fc6e177621303f19327457e2ccc71f57d6cb1387e64babc8
Static task: static1
Behavioral task: behavioral1
- Sample: FRtsWDxBpc96ZPs.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: FRtsWDxBpc96ZPs.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.sardaplywood.com
- Port: 587
- Username: [email protected]
- Password: je12vi345
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.sardaplywood.com
- Port: 587
- Username: [email protected]
- Password: je12vi345
Targets
- Target: FRtsWDxBpc96ZPs.exe
- Size: 510KB
- MD5: 6fa5d1729bcb93c460bd3bb3ebf53eb4
- SHA1: f6c9df5e9c8a6d19224967b85d87b54287563a9b
- SHA256: 05568298144f10100f3882592a8be0a1754c579f581a3db6316d014c7f8ca8f3
- SHA512: 1feb1e7d85aa0ae173f510b32b7d5ff1f2cc37b4d23888d6a8f9930f50d8953c11cd4cc363f09dd4393805ef917251ee2ccf28c52a236209207739ba06d91057
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext