General
Target: CT_7093164285.exe
Size: 852KB
Sample: 210408-gtbsjxwrbx
MD5: 4115754d5b0d6ab49aed7fdde034d04a
SHA1: 6eb5fbd8c35001249521652c36c0cb9feccddbbe
SHA256: 67e40f25962f1a77b84cc4a4b990bf99041924736e11b55e74edef29816ef3ec
SHA512: 27b8c0c266d8836499c3e1c4496569cd23364f925933708e1ced61ed682eae1733919c6e09e4e2f0dcd1e2d5bd76a8843f1b0b6b89a95ae779d04cfd1c00a012
Static task: static1
Behavioral task: behavioral1
Sample: CT_7093164285.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: CT_7093164285.exe
Resource: win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.chrismehat.com
Port: 587
Username: market@chrismehat.com
Password: vStcCO~Cyox6
Targets
-
-
Target
CT_7093164285.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-