General
-
Target
13a34248109d29dee8c2467ad2cebd0acf6712df7db92d8ca7cf9cb21f70eca5
-
Size
1.0MB
-
Sample
201125-3e42htkh2j
-
MD5
a28f16df2ae4cb9ee1473798df5c424e
-
SHA1
d09b133968bb615544c54f85a465e06c8b057417
-
SHA256
13a34248109d29dee8c2467ad2cebd0acf6712df7db92d8ca7cf9cb21f70eca5
-
SHA512
9341c25fd2057fb1117bd095a4a1452c9834fe7456e686b6c4a72aa4d8f1b341558168aacb715f582073c32bcbea78f1666cd719529b670216f9044a750bf729
Static task
static1
Behavioral task
behavioral1
Sample
13a34248109d29dee8c2467ad2cebd0acf6712df7db92d8ca7cf9cb21f70eca5.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
13a34248109d29dee8c2467ad2cebd0acf6712df7db92d8ca7cf9cb21f70eca5.exe
Resource
win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: vbjmys@yandex.com
Password: officepost8
Targets
-
-
Target
13a34248109d29dee8c2467ad2cebd0acf6712df7db92d8ca7cf9cb21f70eca5
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-