General
Target: c11d6124ee0522c7ab71d20cf3474dc0.exe
Size: 604KB
Sample: 201120-knqf4kteh2
MD5: c11d6124ee0522c7ab71d20cf3474dc0
SHA1: c52a64b7189c762b907a9d727950f3d1364c68ba
SHA256: 871a7f14c61157dbea48d27f92bc64097e10eb44a9c8ef7543c435e275ca249c
SHA512: 24b4d1776b4ec8610d1fe66a5aa9dc5a2886562e4805e0069e2177a477b272887cb7cd4616f4763814e6ffb6aa456a2b94301289b1fa75bf0585812d1f2a7c40
Static task: static1
Behavioral task: behavioral1
  Sample: c11d6124ee0522c7ab71d20cf3474dc0.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: c11d6124ee0522c7ab71d20cf3474dc0.exe
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: peter.terkper@gh-wilmar-intl.com
Password: NNuzALf1
Targets
Target: c11d6124ee0522c7ab71d20cf3474dc0.exe
Size: 604KB
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext