General
-
Target
SMCTC01352102260003,xlsl.z
-
Size
420KB
-
Sample
210227-c5a7h39cea
-
MD5
81ac6f9ce41ca01d606550ea89e060ce
-
SHA1
d2305e11d7e931b3fcf1f7e0803a650344e91307
-
SHA256
7f5b883a1d1915f1f333ac49b3ba6b99d6419a45a4bb2a53bae2e18013117a69
-
SHA512
c424b9c272c74507a97049e930ad9bab63e7a171d74c297f6bca7cb4e43c118b7123c3c333f3795edf47da684b9b9a0c10abdf91e2405c51524b3083e5d11755
Static task
static1
Behavioral task
behavioral1
Sample
SMCTC01352102260003,xlsl.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
SMCTC01352102260003,xlsl.exe
Resource
win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.trakya.com.tr
Port: 587
Username: trakya@trakya.com.tr
Password: 3mbK9Jjc5T
Targets
-
Target
SMCTC01352102260003,xlsl.exe
-
Size
567KB
-
MD5
78727e8e24f7d04bb70a7a589d7c1d97
-
SHA1
6e633a2a144eb6db926954eb2bed983d698a03e4
-
SHA256
086561fb4e2b433a472cf0ebdf42e3a0e2fed75d17bf11892c141891b3b09b1b
-
SHA512
ffd01d9ed46c9f5550cbb96e296684d02a93bbcca015b781ad9cf49b6cceb1168037e8216f73cb270a0d6201993f99ec558cbe447e07039e4215c8f43b4a52d7
Score 10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-