General
Target: Statement of Accounts pdf.gz
Size: 468KB
Sample: 210228-3s455tphhe
MD5: 4bfd2162003f66fc313e9da03f0664b0
SHA1: dd95d8a24e69bf001ec5177bccde874a25687275
SHA256: 59915adde8ff6809e7c41085595d3d74285283bce1c5aa3c25acfe8300f00b50
SHA512: 60ba86e0686b3ddda7e95eafc6bb8d59a1521d06f8083f53a11692bdbffdf05806714c214b7d25a28ae6c51e3414b483d199edc7d648a2f5f0ea77d6a3935c54
Static task: static1
Behavioral task: behavioral1
  Sample: t7TPWzR6ik7Go42.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: t7TPWzR6ik7Go42.exe
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.hybridgroupco.com
Port: 587
Username: quinz2021@hybridgroupco.com
Password: Obinna123@@@
Targets
Target: t7TPWzR6ik7Go42.exe
Size: 825KB
MD5: a38e4fc12af4ef983f90d5ce153621bf
SHA1: e1af362e723e62475b63f85a868207a126f2e08d
SHA256: c62253a3e09e0e22dfbf313aad8a7872870c45b68e85dcd37919b89fbf24bb12
SHA512: 36345f729e24aa6d1f70c18d37445df390f98322bb525f2e3d477cd7db9a718e53ba3192d0a2d5c23118a0ef63ad9e78cd05e23afc06823db5ba00cb0bddf8ce
Score: 10/10
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext