General
Target: Quotation062821920 Doc.exe
Size: 1.4MB
Sample: 200624-py698j2bqs
MD5: 28790f7b37df5c55d19af17fe5c26e90
SHA1: ebe03b0be96acbf76a32aaa8f99fb0b80050ba92
SHA256: 288e0e5c83a6fbde926189bf71e44dcb7a6516f726cc5985c28a4c3c4499f30a
SHA512: 42bcf63a192ff93fa86ad1dd07896162be384e9a41bf8924956ae0ec86346c565245ea3e828f07e7802494c5e05ef52ca7e0abdd9e07cc570e740b01ea32c891
Static task: static1
Behavioral task: behavioral1
Sample: Quotation062821920 Doc.exe
Resource: win7
Behavioral task: behavioral2
Sample: Quotation062821920 Doc.exe
Resource: win10
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.oneirochemicals.net
Port: 587
Username: qa@oneirochemicals.net
Password: One$1234
Targets
Target: Quotation062821920 Doc.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext