General
Target: Scan-07082020.exe
Size: 857KB
Sample: 200708-wb2k5dwzlj
MD5: 1641019b536625b0234aee2d1215f916
SHA1: ee67e496b8099c448c7fd048adc2be6558d6f153
SHA256: a21f2a9736d444429fc9180093fe9a8d14aa0b49cb11f4db0c91461b83ccc826
SHA512: 54bc7ab1266d4fd9f0cad080001181cf12b8f2b6d0fafe06ea3bc9bf4b267938c2ab510c9e344491a43ae7de785a4318b30ef9aea9c5aaafebf4e2f87b17e114
Static task: static1
Behavioral task: behavioral1
Sample: Scan-07082020.exe
Resource: win7v200430
Behavioral task: behavioral2
Sample: Scan-07082020.exe
Resource: win10
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: Naija81,J
Targets
Target: Scan-07082020.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext