General
Target: JBD6278216733.exe
Size: 919KB
Sample: 210114-r1sjtb69e6
MD5: c8b6e53c0790855357c2392a601762bb
SHA1: 1d50a1452334cb48f14b8eba17cb40ac150e9732
SHA256: 86b657e19c75d3110a5f25aa84e9709a6b66d6a3e8bbccfba6ed4402c00269b7
SHA512: 6d489e46eafe7514ddcb578317d561fc0651925dcacf959157e0c18a47ed1b73c7a05893955f00798d3e20b16db66129eb959540e0631d4c8542927e938bfa53
Static task: static1
Behavioral task: behavioral1
Sample: JBD6278216733.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: JBD6278216733.exe
Resource: win10v20201028
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.ionos.co.uk
Port: 587
Username: info@wjpub.co.uk
Password: EMmaunel11@!55
Targets
Target: JBD6278216733.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext