General
-
Target
DOC.exe
-
Size
440KB
-
Sample
200710-vse7zkx3sn
-
MD5
20aa701748ce426b6818834da4b81db4
-
SHA1
3c221f46bf85db4f0cd3fa763928e2feaad19468
-
SHA256
f0bc738c905572cb05e4dc2004d86c69eb5e329bfbd7679e2f6c5306b5b7147a
-
SHA512
c7bba123a15748f55ada8a96b23ede5d590b53b1da32f4cbea4e6d099259ddf266cb375f39e2138ab26e9620b2a0c085ec40c1eec04a7b49699f90c3942cfc49
Static task
static1
Behavioral task
behavioral1
Sample
DOC.exe
Resource
win7
Behavioral task
behavioral2
Sample
DOC.exe
Resource
win10v200430
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
vicanto1994
Targets
-
-
Target
DOC.exe
-
Size
440KB
-
MD5
20aa701748ce426b6818834da4b81db4
-
SHA1
3c221f46bf85db4f0cd3fa763928e2feaad19468
-
SHA256
f0bc738c905572cb05e4dc2004d86c69eb5e329bfbd7679e2f6c5306b5b7147a
-
SHA512
c7bba123a15748f55ada8a96b23ede5d590b53b1da32f4cbea4e6d099259ddf266cb375f39e2138ab26e9620b2a0c085ec40c1eec04a7b49699f90c3942cfc49
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-