General
Target: catalogue.exe
Size: 515KB
Sample: 201109-3c9h19dfqa
MD5: 1c098e2524570249e1aa01afe50f3dde
SHA1: f130b0404f94fb4ddfdd918b58734dc73d3e814f
SHA256: d43c6aba8577d6f6e846545d25587748ff13e676320936f4c3104ba94e22e24c
SHA512: b67b7f19b4dd15179720a82f2f62ce6a709b3adad7299afc86eff1cf8f00ebb660d710c8cf6b8d3bd7ef4653c41a4447e11e60cce817056494dffc9ee055ba91
Behavioral task: behavioral1
Sample: catalogue.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: catalogue.exe
Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: admin@cairoways.me
Password: requestShow@
Targets
Target: catalogue.exe
Size: 515KB
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext