General
Target: Complaint About Your Company.zip
Size: 426KB
Sample: 210226-l2b3gz9y5n
MD5: 42d9adfb8f00f157fae5195fb8bdd3c3
SHA1: ebffd97cd484ffaf3a20e17358f263a777dabdce
SHA256: b073a357145e3f85ea9bd8033af846f757901ca40b207cd27c17ed09c05253e9
SHA512: 891568f8602ae211dfd10ed65e8a1a2c03038cde001215ea2a806e80bcebd02e068690945278a042b54761bb97cfcd3cd5f7e4e8f71c59c4372d74bf9c13beb9
Static task: static1
Behavioral task: behavioral1
Sample: Complaint About Your Company.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Complaint About Your Company.exe
Resource: win10v20201028
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://files.000webhost.com/
Port: 21
Username: zinco
Password: computer147
Targets
Target: Complaint About Your Company.exe
Size: 820KB
MD5: ad8e516a03685e3bbf2cfde99b0a06a9
SHA1: 913240ddb22665b0e244cc69eb22aaa8fc3d49f5
SHA256: 6d84f67c5ce01feb377d1e1bb8959251aac2e23fac027029e7d3a8548a3300a5
SHA512: eb5dc5763722192f4f0d913bc1d77869470e56b1592c3de9a91ddcf4af8a68373aa1877d5a9a01421f0ba2766266cd8a1e15e7abda14bad912be6ebe1a30b311
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext