General
Target: signed_19272.exe
Size: 443KB
Sample: 200701-bmpykhae9x
MD5: 89f06f681967303341f46437487c93b8
SHA1: 80c5161d3cb2daa2a4352c92be70c084a812ec88
SHA256: bf2f666cc2bf3dff6a34835ddd2b78a8cf6a6cfc2a725e81226996010669ed2b
SHA512: 24f1832c2f83cb2a024115941a2391e2b82f7f4fabbc65572b7581e5212a94d42d953572eb455cdffe345fc163a784a04496bd7369965167a1af553516453419
Static task: static1
Behavioral task: behavioral1
  Sample: signed_19272.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: signed_19272.exe
  Resource: win10v200430
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.pptoursperu.com
Port: 587
Username: info@pptoursperu.com
Password: mailppt2019-
Targets
Target: signed_19272.exe
Size: 443KB
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Suspicious use of SetThreadContext