General
Target: ORDER 2021022500010101001010.r00
Size: 430KB
Sample: 210225-zcdgfens66
MD5: 72268d01603b4e7a61e9977edc6f060f
SHA1: d3b2f75e16296db1a2832520581055fecede769b
SHA256: 1124d0232cd747fbba4b105ad701f41057d8e3a3153beb8d5dc4558ae477c37c
SHA512: 43165faf14ea698b07e8b426c0329ef710970b016e02aee3ad21642565d9ab3b93cc809f76fc7e6197cbab4154b5c385e66dc098990a9cdd33c67c2cea28cc94
Static task: static1
Behavioral task: behavioral1
Sample: ORDER 2021022500010101001010.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: ORDER 2021022500010101001010.exe
Resource: win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.ceotech.com.tr
Port: 587
Username: [email protected]
Password: Ceo.tech.123
Targets
Target: ORDER 2021022500010101001010.exe
Size: 770KB
MD5: 7a8cc44ac142f84a34fb6a17a20a5c16
SHA1: 5860903de3ed5ce64d0b48f72e1ae4a1997b0789
SHA256: 113eabe35a49134e8f6b1ba27c748826ea959de70fda113a6e71f70b6740b2d0
SHA512: 1c1f74c2cad46159cc1665092865a5fac6b38659e985e3f8a4982c8023cc3b2dad083d969957c88135a394a4678c18bb721ba9a0854990de8d659ad0d83e70df
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext