General
Target: 4e7eec05176fb9f3542905ba6ec354d59f41866ea0ee3557d3f83039756f8a18
Size: 887KB
Sample: 220521-n8e53saaap
MD5: 27aed45941ffbd600f34f40af42ec92f
SHA1: 13516d82057145c8fdc14f73343ac842af7b5132
SHA256: 4e7eec05176fb9f3542905ba6ec354d59f41866ea0ee3557d3f83039756f8a18
SHA512: 7d34b75bbd3ec4bd2afab189b42e2c5115e422d7c6b3271d04e795ae85044825a5ad90f5ade2a53b25e69a78c5c943a8a56219f14c92d19e1964c5d0743000b5
Static task: static1
Behavioral task: behavioral1
  Sample: PO3142020.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: PO3142020.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: ftp
  Host: ftp://ftp.radarcncs.com/
  Port: 21
  Username: admin@radarcncs.com
  Password: 8,4=M~_i,5NV
Targets
Target: PO3142020.exe
Size: 919KB
MD5: 4b846a96f8f355ac9b9314265b5dbbea
SHA1: 44825a48d60b3dff26e0c2d12b26491830d58de0
SHA256: 7992c7a13287cca6f8528dcd6ee08e95367634aeb1dae73f3e194afbf1fe98a9
SHA512: 26e7c84ff854a678b97d8aa8966ef9183b0d2355b786c2aa10600825c0498f77f5028031e0ed8973591ec85dbbb69ec86a71e6dc8c744c21281e7bedc5ea630d
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext