General
-
Target
AWB-5172133161.exe
-
Size
637KB
-
Sample
201109-7qltxeb82n
-
MD5
4cb5772b46cd9f50875cd840593980f8
-
SHA1
69021f80047a39643d331a5d661a30397e5b4872
-
SHA256
3565778eb404c19919977a17613f414d355f2bb22ddfb200c25ad07b9c128049
-
SHA512
67daafbf266a1d17fe875afe16758c7a1658ae50050883de13795079b38bf3e4c52328719bdbf8bd3dadd7d942b5bf008c2dfe21d0de58e0e75f679612d136a0
Behavioral task
behavioral1
Sample
AWB-5172133161.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
AWB-5172133161.exe
Resource
win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
love@mafo.cc - Password:
success21
Extracted
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
love@mafo.cc - Password:
success21
Targets
-
-
Target
AWB-5172133161.exe
-
Size
637KB
-
MD5
4cb5772b46cd9f50875cd840593980f8
-
SHA1
69021f80047a39643d331a5d661a30397e5b4872
-
SHA256
3565778eb404c19919977a17613f414d355f2bb22ddfb200c25ad07b9c128049
-
SHA512
67daafbf266a1d17fe875afe16758c7a1658ae50050883de13795079b38bf3e4c52328719bdbf8bd3dadd7d942b5bf008c2dfe21d0de58e0e75f679612d136a0
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-