General
Target: Messages Alert.zip
Size: 401KB
Sample: 210227-b8khm1w2v6
MD5: c0ace61ff47cd0eeea23f38e4258de8d
SHA1: 9dfd2cd47844d774e0dc05b457779887803c78c4
SHA256: bb1e3ad092ad8a8dde5bdef74e649335873c3ac56d73418aebdbe1c72eef8590
SHA512: 1ce1169f93ba337daea23287793ff320e4465b27ca8d4d15a0aead8f07dfa21352de5f403afea60ebed3b2fc0fb9e69306ffc287c8c706523c20c7cb56f73c3c
Static task
static1

Behavioral task
behavioral1
Sample: Messages Alert.exe
Resource: win7v20201028

Behavioral task
behavioral2
Sample: Messages Alert.exe
Resource: win10v20201028
Malware Config
Extracted
Family: agenttesla
Protocol: ftp
Host: ftp://files.000webhost.com/
Port: 21
Username: zinco
Password: computer147
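The extracted config above is a ready-made network indicator: the sample logs in to the listed FTP server with the embedded credentials and uploads its collected data, and FTP on port 21 carries USER, PASS and STOR in cleartext, so a proxy or IDS log of the control channel is enough to catch it. The following is an added example, not part of the sandbox report and not code from AgentTesla, that turns the config into a detection over such a log. The log layout, the session lines and the uploaded filename are constructed for the example; the host, port, username and password are the values extracted above.

```python
"""Flag AgentTesla-style FTP credential exfiltration in FTP control-channel logs."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Indicators taken from the extracted config above. Host and username drive the
# match; the password is only used to confirm a captured PASS line.
AGENTTESLA_FTP_IOC = {
    "host": "files.000webhost.com",
    "port": 21,
    "user": "zinco",
    "password": "computer147",
}

# Constructed sample log (not from the sandbox run). Assumed layout, one FTP
# control command per line: "<ts> <client> -> <server>:<port> <VERB> [arg]".
SAMPLE_LOG = """\
2021-02-27T10:01:02Z 10.0.0.15 -> files.000webhost.com:21 USER zinco
2021-02-27T10:01:02Z 10.0.0.15 -> files.000webhost.com:21 PASS computer147
2021-02-27T10:01:03Z 10.0.0.15 -> files.000webhost.com:21 STOR PW_WORKSTATION01_2021_02_27.html
2021-02-27T10:01:04Z 10.0.0.15 -> files.000webhost.com:21 QUIT
2021-02-27T10:05:00Z 10.0.0.22 -> ftp.example.net:21 USER backup
2021-02-27T10:05:00Z 10.0.0.22 -> ftp.example.net:21 PASS s3cret
2021-02-27T10:05:01Z 10.0.0.22 -> ftp.example.net:21 RETR nightly.tar.gz
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) -> (?P<server>[^:\s]+):(?P<port>\d+) "
    r"(?P<verb>[A-Z]+)(?: (?P<arg>.*))?$"
)


@dataclass
class FtpSession:
    client: str
    server: str
    port: int
    user: Optional[str] = None
    password: Optional[str] = None
    uploads: List[str] = field(default_factory=list)


def parse_sessions(log_text: str) -> Dict[Tuple[str, str, int], FtpSession]:
    """Group control commands into sessions keyed by (client, server, port)."""
    sessions: Dict[Tuple[str, str, int], FtpSession] = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an FTP control command in the assumed layout
        key = (m["client"], m["server"], int(m["port"]))
        s = sessions.setdefault(key, FtpSession(*key))
        verb, arg = m["verb"], (m["arg"] or "").strip()
        if verb == "USER":
            s.user = arg
        elif verb == "PASS":
            s.password = arg  # FTP sends this in cleartext, which is why it is loggable
        elif verb == "STOR":
            s.uploads.append(arg)  # the stealer pushes its collected data with STOR
    return sessions


def find_agenttesla_exfil(log_text: str, ioc: dict = AGENTTESLA_FTP_IOC) -> List[dict]:
    """Return one finding per session that logs in to the extracted C2 as its user."""
    hits = []
    for s in parse_sessions(log_text).values():
        host_match = s.server.lower() == ioc["host"] and s.port == ioc["port"]
        if host_match and s.user == ioc["user"]:
            hits.append({
                "client": s.client,
                "server": f"{s.server}:{s.port}",
                "user": s.user,
                "password_confirmed": s.password == ioc["password"],
                "uploads": list(s.uploads),
            })
    return hits


if __name__ == "__main__":
    for hit in find_agenttesla_exfil(SAMPLE_LOG):
        print(hit)
```

The match is keyed on host and username rather than on the password, so a rotated password on the operator's side still produces a hit; the STOR filenames in the finding tell the responder which victim data left the network. Note that 000webhost is a shared hosting provider, so blocking the host alone will also affect unrelated sites.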
Targets
Target: Messages Alert.exe
Size: 803KB
MD5: fa0bbf76dff6292d4191c425ec4f505c
SHA1: ec7a66b5e97febb2fed980579a349b95ae1060c0
SHA256: 93c685198f362c176d9272eae67c9001559190c3cad3c9184aafda48cb005c03
SHA512: ca18b5644a6da28250f6ede38371503a55ffbc84685b9c99007d4862650fe15207baaf55fc4e4326cf669037d9b2f5dc56ca51ba162e7c36b80b7b28e2bd7f58
Score: 10/10

AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; this sample carries an FTP exfiltration config (see Malware Config above).

AgentTesla Payload

Suspicious use of SetThreadContext
SetThreadContext rewrites a thread's register state. Injectors call it on the main thread of a process they created suspended, after writing their payload into it, to redirect execution to the injected code before ResumeThread (process hollowing). Debuggers and exception handlers use the same API on their own threads, so treat a cross-process call as an injection indicator to corroborate, not as proof on its own.
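The signature above names only the single API. On an endpoint the useful check is the sequence around it: a process created with CREATE_SUSPENDED, memory written into it, SetThreadContext on its thread, then ResumeThread. The following is an added example, not part of the report and not derived from this sample, that correlates those stages per (injector, target) pair over an API trace and grades a bare cross-process SetThreadContext lower than the full chain. The trace layout and the sample lines are constructed for the example (handles are assumed to be already resolved to a target pid by the tracer); the API names and the CREATE_SUSPENDED flag value are the real Windows ones.

```python
"""Detect the process-hollowing API sequence behind a 'Suspicious use of SetThreadContext' hit."""
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

CREATE_SUSPENDED = 0x00000004  # CreateProcess* dwCreationFlags bit

# Win32 and native-API spellings that mean the same stage. These are real API names;
# the trace format below is an assumption made for this example.
STAGE_ALIASES = {
    "WriteProcessMemory": "WriteProcessMemory",
    "NtWriteVirtualMemory": "WriteProcessMemory",
    "SetThreadContext": "SetThreadContext",
    "Wow64SetThreadContext": "SetThreadContext",
    "NtSetContextThread": "SetThreadContext",
    "ResumeThread": "ResumeThread",
    "NtResumeThread": "ResumeThread",
}
HOLLOWING_STAGES = {"CreateProcessSuspended", "WriteProcessMemory", "SetThreadContext", "ResumeThread"}

# Constructed API trace (not sandbox output). Assumed layout: key=value tokens,
# with thread/process handles already resolved to target_pid by the tracer.
SAMPLE_TRACE = """\
pid=4120 api=CreateProcessW flags=0x4 child_pid=5208
pid=4120 api=NtUnmapViewOfSection target_pid=5208
pid=4120 api=VirtualAllocEx target_pid=5208 size=0x9c000 protect=0x40
pid=4120 api=WriteProcessMemory target_pid=5208 size=0x9c000
pid=4120 api=Wow64SetThreadContext target_pid=5208
pid=4120 api=ResumeThread target_pid=5208
pid=3300 api=SetThreadContext target_pid=3300
pid=2216 api=CreateProcessW flags=0x0 child_pid=2990
pid=6000 api=SetThreadContext target_pid=6100
"""

TOKEN_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_trace_line(line: str) -> Dict[str, str]:
    """Split one trace line into its key=value fields (quotes stripped)."""
    return {k: v.strip('"') for k, v in TOKEN_RE.findall(line)}


def detect_process_hollowing(trace_text: str) -> List[dict]:
    """Correlate cross-process API calls per (injector, target) pair and grade them."""
    stages: Dict[Tuple[int, int], Set[str]] = defaultdict(set)
    for line in trace_text.splitlines():
        f = parse_trace_line(line)
        if "pid" not in f or "api" not in f:
            continue
        pid, api = int(f["pid"]), f["api"]
        if api.startswith("CreateProcess") and "child_pid" in f:
            # Only a suspended child is a hollowing candidate; a normal spawn is not.
            if int(f.get("flags", "0"), 16) & CREATE_SUSPENDED:
                stages[(pid, int(f["child_pid"]))].add("CreateProcessSuspended")
        elif "target_pid" in f and api in STAGE_ALIASES:
            target = int(f["target_pid"])
            if target == pid:
                continue  # same-process use: debuggers and exception handlers do this legitimately
            stages[(pid, target)].add(STAGE_ALIASES[api])

    findings = []
    for (injector, target), seen in sorted(stages.items()):
        if "SetThreadContext" not in seen:
            continue  # the report's signature fires on SetThreadContext; require it
        verdict = "process_hollowing" if HOLLOWING_STAGES <= seen else "cross_process_setthreadcontext"
        findings.append({"injector": injector, "target": target, "stages": sorted(seen), "verdict": verdict})
    return findings


if __name__ == "__main__":
    for finding in detect_process_hollowing(SAMPLE_TRACE):
        print(finding)
```

NtUnmapViewOfSection and VirtualAllocEx are left out of the required set on purpose: some injectors skip unmapping and write over the existing image, so requiring them would miss real cases, while the suspended create plus write plus context change plus resume is the part the technique cannot do without.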