General
Target: AWB.exe
Size: 789KB
Sample: 200731-ycht7d14vn
MD5: 00e07fbc04097cb40012208c6d59961f
SHA1: 965e3a6594cba057b116b9f53aabd8976d815058
SHA256: 2e5adc24258e0aae79b688b0310985210ab03bffb789da8c80f5d2172e0ff323
SHA512: 85cf5e27a27f3ba2e6dd18f86c06eb3cbc7414ce9b8998a4b1ee3b20c9141e05347dd6cf220923d606f5e3a5650f91c065f1bf40d7fbc6c145414dfda937449f
Static task: static1
Behavioral task: behavioral1
Sample: AWB.exe
Resource: win7
Behavioral task: behavioral2
Sample: AWB.exe
Resource: win10v200722
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: mullarwhite@yandex.com
Password: challenge12345@
Targets
Target: AWB.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Adds Run key to start application
Suspicious use of SetThreadContext