General
Target: KIS PRODUKT FIRST ORDER.rar
Size: 392KB
Sample: 210225-vmfpr19wgn
MD5: dfac5f3cf859e00aa0c6053532ea618f
SHA1: 9141584fc80d32780b23776148660fc9c1efccad
SHA256: 6bb23e46084db2109b99ead9b3c6cf74b49b3650d948c6c55b7d42babe48cad5
SHA512: 3842ad98d373102ad34ed9b00126d5265ae25abb944f3299e16bcb86c5936cc543e05b11d94516b4294a1fc6c135cf9db605f7c5b564d95f873432ef8a8d44db
Static task: static1
Behavioral task: behavioral1
Sample: KIS PRODUKT FIRST ORDER .exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: KIS PRODUKT FIRST ORDER .exe
Resource: win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: GODBLESSUS123
Targets
Target: KIS PRODUKT FIRST ORDER .exe
Size: 488KB
MD5: 45daadab1091bd723b6fbce89854db81
SHA1: c428a55ec3a57fa18d9b850688231fc6497bba27
SHA256: 1f0f56584763c573ef925d19b1169c11b650d670f01f201bd465bbd44549cd39
SHA512: e66507226dad7ef3bcee65950969a1852ccd0d2544b17f028926978daf3514026964fc5c8735b4f6b91c35af982a060c84c8500075f8a44b546c81f19193fe32
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext