General
-
Target
30714756.exe
-
Size
617KB
-
Sample
210113-e4w9wkgqda
-
MD5
c1279eb7ba4c37f73765233d8ce917d5
-
SHA1
2e9978ed7bd20a8b8890f9d236317f0e6dfab11f
-
SHA256
1d12e0ea21ddb6f39d309e836c5f8e2c3fcfd4c167b20185ca3723233230bb8b
-
SHA512
5be8c1dac94b8c7f8cd183f57c82b66149fbe3a06d75745f9ccc5de77233ff45c363fbd7520f726c688e477e08f418271fb3e9e3039ff6b9ced1ec7b863646d6
Static task
static1
Behavioral task
behavioral1
Sample
30714756.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
30714756.exe
Resource
win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: chynaman@vivaldi.net
Password: pmoneyboy994
Targets
-
Target
30714756.exe
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-