General
-
Target
Nuevo orden.exe
-
Size
553KB
-
Sample
200707-sp964q42ls
-
MD5
ebaedfa3c71e93c64c4e3c9ab87deace
-
SHA1
e692d48f36b3704cdc2d5ee07173bd6b3b7a3b7d
-
SHA256
47e5d3ce3db665ba1bd95863dedaebfc2c837f6e70747a614408451c50b7d564
-
SHA512
d241e0878e04a007ded70d20b61e03d6dd6d3778ad333ede91d6dfcfce2bbe4c5a5cb3cab663bd9c97a0265c9fd56deec68a66bad0c8368c816dc5b19fd353ef
Static task
static1
Behavioral task
behavioral1
Sample
Nuevo orden.exe
Resource
win7
Behavioral task
behavioral2
Sample
Nuevo orden.exe
Resource
win10
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
chosen@@@123
Targets
-
-
Target
Nuevo orden.exe
-
Size
553KB
-
MD5
ebaedfa3c71e93c64c4e3c9ab87deace
-
SHA1
e692d48f36b3704cdc2d5ee07173bd6b3b7a3b7d
-
SHA256
47e5d3ce3db665ba1bd95863dedaebfc2c837f6e70747a614408451c50b7d564
-
SHA512
d241e0878e04a007ded70d20b61e03d6dd6d3778ad333ede91d6dfcfce2bbe4c5a5cb3cab663bd9c97a0265c9fd56deec68a66bad0c8368c816dc5b19fd353ef
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-