General
Target: 1120-3378-AWB.exe
Size: 1.4MB
Sample: 200624-vre6dbqh6a
MD5: fd23513eaf9fcb99845b6b518fafa080
SHA1: 9dd54f29b70f8852988b523caebd908cfcbcbf07
SHA256: a91a2b8234a4b5a0fcd701970e05a01d153cd65ff27ed7e35fe603e3a59eaa40
SHA512: 6e67e3b59500ca6f78f280ea4b841296c70cb9ade0fb625ca9c332aa5513b0a0e771a083eb34bdfd93e7665d7a4d03845fe8c187e090ee7d22d470e2633191e4
Static task: static1
Behavioral task: behavioral1 (Sample: 1120-3378-AWB.exe, Resource: win7v200430)
Behavioral task: behavioral2 (Sample: 1120-3378-AWB.exe, Resource: win10)
Malware Config
Extracted (agenttesla)
Protocol: smtp
Host: mail.edaraproperty.net
Port: 587
Username: wt.security@edaraproperty.net
Password: WEST##963852741
Targets
Target: 1120-3378-AWB.exe
Size: 1.4MB
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops startup file
- Adds Run key to start application
- Suspicious use of SetThreadContext