General
- Target: Order_611_MALEK#93032_2098302_2920293_90HU90_30092F_DHUU3HAPRIL.exe
- Size: 293KB
- Sample: 210408-c9amawspy6
- MD5: ad7baaa29ab40c8d956f6fcf2b2fa876
- SHA1: aed8041c786df0fb9d087b55785cf7046114d275
- SHA256: b87b28a8f83442cb616dd3da7e520617a8b57280ca0098fb3721d6142978cc5f
- SHA512: 99c62d7f77e139d74e5c951686a2347bc4668c1568038f71ada7d8b048eac5312c96541cb08d983112f3ad41ec373bb100f4ee2880ccda355f26c96da92ad97a
Static task
- static1
Behavioral task
- behavioral1
- Sample: Order_611_MALEK#93032_2098302_2920293_90HU90_30092F_DHUU3HAPRIL.exe
- Resource: win7v20201028
Behavioral task
- behavioral2
- Sample: Order_611_MALEK#93032_2098302_2920293_90HU90_30092F_DHUU3HAPRIL.exe
- Resource: win10v20201028
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.privateemail.com
- Port: 587
- Username: penny@mbalikova.com
- Password: Gc7BuDF8@F
Targets
- Target: Order_611_MALEK#93032_2098302_2920293_90HU90_30092F_DHUU3HAPRIL.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext