General
-
Target
6645607133904896.zip
-
Size
1.1MB
-
Sample
200529-9hnczwenwn
-
MD5
3ba343b7222a8e80da77bb6cecae3bd4
-
SHA1
1858b72cbb44df5f8c4e651051c20ab6527157cc
-
SHA256
8ee6a3c1f0f55ddf3550e73fe82c1c8b8f0fe691079778db724e4b75860bb650
-
SHA512
2ca6949aa66309dd3e764013da2d5ce1a89e094dbe57ce6c025803e0dc013f4cc7eae7191a126ecab582f0ef3a545399d484429cefce35e3e021869e61283283
Static task
static1
Behavioral task
behavioral1
Sample
9d5a7a07abb7c52c085236f6a3c7dfeba4a873f6ac501a1d3fa47d5ac017178e.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
9d5a7a07abb7c52c085236f6a3c7dfeba4a873f6ac501a1d3fa47d5ac017178e.exe
Resource
win10v200430
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: freshclinton8269@yandex.com
Password: fresh826699
Targets
-
-
Target
9d5a7a07abb7c52c085236f6a3c7dfeba4a873f6ac501a1d3fa47d5ac017178e
-
Size
1.6MB
-
MD5
46447d4d516ce3eac86d56e0cb2d4b38
-
SHA1
4686a36de4af2dd903d81c5c08db9559ab274b30
-
SHA256
9d5a7a07abb7c52c085236f6a3c7dfeba4a873f6ac501a1d3fa47d5ac017178e
-
SHA512
b924a1e0b96c8e2f794682790a3cccf8b39d41ab5f4fbfc122506a293bf95d9d176a6b09c0556ed2805f9e49e97d79721513d19e1348d71f3fce79f0d8ca14d0
Score 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-