General
Target: AWB 673687387678.exe
Size: 885KB
Sample: 200708-qg57fmvdqa
MD5: 4cf96d85b7e905687ee0533d2792158c
SHA1: 6d1d02605ddfc879e7a5bbf1048ef1f3cef321ab
SHA256: 7b0682f987e2856b5ccdb1c31fc5ac81df44c270940d71b3c403a9f361191afb
SHA512: a2f9a95a332361c95ed0a1440ec8e01a6961176f60b96525192a76d80d79f10cd394809957e406056d6949866c3fa8fd70fc173b53c0ff1af3ecd3362f68ac6b
Static task: static1
Behavioral task: behavioral1
  Sample: AWB 673687387678.exe
  Resource: win7v200430
Behavioral task: behavioral2
  Sample: AWB 673687387678.exe
  Resource: win10
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.papayatreehotels.com
Port: 587
Username: [email protected]
Password: tree1579
Targets
Target: AWB 673687387678.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext