General
Target: STATEMENT OF ACCOUNT.gz
Size: 396KB
Sample: 210226-9nkkbt87sn
MD5: eff85c8a42af347ef2cdc192b4579abf
SHA1: fe8777c271dcfb4637d61e566a5e4d704100a219
SHA256: a8e36e742eb860d860ce25b1e2db21b6f5f9446afd4e55d1a88b2f0e2a42ee8e
SHA512: 514e9f4e6e9ff987660b0f0810faf63cf816cdc247aeb3957a19189267d0e632392ac56d4c49dd3ba4c431504ff59fe1ef66518dc072cd0d75aa3075c4db18bc
Static task: static1
Behavioral task: behavioral1
Sample: STATEMENT OF ACCOUNT.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: STATEMENT OF ACCOUNT.exe
Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.hybridgroupco.com
Port: 587
Username: 20214@hybridgroupco.com
Password: Obinna123@@@
Targets
Target: STATEMENT OF ACCOUNT.exe
Size: 539KB
MD5: 02ac9651780889ed244e584491bb3a8b
SHA1: 95076b3fdc8e7481327d9ac8b282f6fda05c3b9a
SHA256: 6dd28008feb4400efd4c0fde31b1647acd7e88755db7b245d121eef452880c1a
SHA512: 05ba1334561a4ea7f86538294139c8745679654b15db690e985a5688ad78472affe8fd2f494c0759a3e4102a72539fc936d1db8766106bab307363d43ff65f1f
Score: 10/10
Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext