General
Target: SecuriteInfo.com.MSIL.Kryptik.WOX.31681
Size: 341KB
Sample: 200707-3k5gk9126j
MD5: 2eb615a83afed8792190b04dea641217
SHA1: 6e03c83fc468980003d8b6cc9a2690052c8fbe2e
SHA256: 353ae3fcced86a2ae12f8b249900180eeeffb722a2c56b46356c8f4ec4461925
SHA512: c36342924abff2f84ebb44ce4aa8b24ef4015a315cd6040a330deb23ed904158bed741bdab5769fc13906a1c0a65ac00cd8ae035a4a6d0a3513d79af971af557
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.MSIL.Kryptik.WOX.31681.exe
Resource: win7
Behavioral task: behavioral2
Sample: SecuriteInfo.com.MSIL.Kryptik.WOX.31681.exe
Resource: win10v200430
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: Fy_DDDs098*/
Targets
Target: SecuriteInfo.com.MSIL.Kryptik.WOX.31681
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops startup file
- Suspicious use of SetThreadContext