General
Target: Picturess & Specifications.exe
Size: 782KB
Sample: 210226-845wpgnd8a
MD5: ae3f7138cf9b27521cdbb988d5aa47ef
SHA1: f5fb51d4541e6cdef81b1fdcb8c19a9892295dc7
SHA256: 4cb6f873abc100a8ea2fe05ba2c728143a653f4f16a98c8f35fe0c8462682244
SHA512: 754275ced6f5262d69c5b434742f7d4b3ca5465421dd2c473edddfbe4036cb85b4f538d0779c68270f3edd34926c681dfe46c10ad946c43fa1747e3d8629d2aa
Static task: static1
Behavioral task: behavioral1
Sample: Picturess & Specifications.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Picturess & Specifications.exe
Resource: win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: id.cpworldgroup.com
Port: 587
Username: [email protected]
Password: nuvezu0690
Targets
Target: Picturess & Specifications.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext