General
-
Target
asd.txt
-
Size
93B
-
Sample
240914-epr6vswcnq
-
MD5
7213463c27611670218de026f379a4a7
-
SHA1
90750ced837038b11524c1dba538785414bba6e3
-
SHA256
90708abbcad8c3e95f37fb29927781a1ec885a9c3799b50f7dcc01e1b4065baa
-
SHA512
734dfaf55bbba3e05c6bb8a2582aae5defc7336133d96714ca93123843cf476e1e4fdf905a18598e7c9e0ad19cbc98e9affe0e4df296ab4c5d30012f12093f4a
Static task
static1
Behavioral task
behavioral1
Sample
asd.txt
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
asd.txt
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
asd.txt
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Sets service image path in registry
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder