General
-
Target
tgwqjo
-
Size
831KB
-
Sample
200731-mbq3fdz3va
-
MD5
c9bdb2a0214fd34e21c9671da4bbbca4
-
SHA1
bd33a69c8926f4fd9747e9db063fcbae1e964bd5
-
SHA256
d96ee923cda8458627c393925aebc1f908ab6a40ebe8c9ea0f049e3edf27bce2
-
SHA512
5dd32f148634462317316e6ddcfdbe92d59a730dbd1949b68304bf2810d1a2075c273aaf29c7f6b2552273f03326274d56989d02c2e42f899ee5f79b702d4413
Static task
static1
Behavioral task
behavioral1
Sample
tgwqjo.exe
Resource
win7
Behavioral task
behavioral2
Sample
tgwqjo.exe
Resource
win10
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
microsotft-office365-rules-co@yandex.ru - Password:
moneymoney77
Targets
-
-
Target
tgwqjo
-
Size
831KB
-
MD5
c9bdb2a0214fd34e21c9671da4bbbca4
-
SHA1
bd33a69c8926f4fd9747e9db063fcbae1e964bd5
-
SHA256
d96ee923cda8458627c393925aebc1f908ab6a40ebe8c9ea0f049e3edf27bce2
-
SHA512
5dd32f148634462317316e6ddcfdbe92d59a730dbd1949b68304bf2810d1a2075c273aaf29c7f6b2552273f03326274d56989d02c2e42f899ee5f79b702d4413
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-