General
- Target: b9a31ec9cf6084d9ea4543ae5454f6c0.exe
- Size: 35KB
- Sample: 210408-cjzbxpe86s
- MD5: b9a31ec9cf6084d9ea4543ae5454f6c0
- SHA1: 1b8fe311794d5ee7c85930d57e8ee521653342e0
- SHA256: 9bdd28e639ad1bd0bd8cab6e287279db86d951b1a488786c3435f7a5f39ac383
- SHA512: 91e0e5ee915b8217a84a85c860f0be6f145cac6188b0de7874d698952b7a1f7fb16cde22cb59a1a2fef5af131f81408ae28161c7ed900f1d75885f9bdb1c138f
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: b9a31ec9cf6084d9ea4543ae5454f6c0.exe
- Resource: win7v20201028
Malware Config
- Extracted: agenttesla
- Protocol: smtp
- Host: binatonezx.cf
- Port: 587
- Username: arinzelogs@binatonezx.cf
- Password: 7213575aceACE@#$
Targets
- Target: b9a31ec9cf6084d9ea4543ae5454f6c0.exe (35KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext