General
-
Target
SC_UNMSM 06042021.exe
-
Size
746KB
-
Sample
210408-k356mlmt32
-
MD5
d861e9c1a56f528517dd530d4e7f001c
-
SHA1
ae07d2ec36e18775bc8c6347c73a3057d7ea7991
-
SHA256
9f6ac087249c3b9b13c176d96113a3123d6986b536aac8573c89cd478770ecc5
-
SHA512
ca279e8b178520a42cc9983f7db0e65162ac0acd69276f45663e32ae96b9426cc262073eee8adeffffd765ab3baf864893c5f07d4accf22015ed824f7396ecd4
Static task
static1
Behavioral task
behavioral1
Sample
SC_UNMSM 06042021.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
SC_UNMSM 06042021.exe
Resource
win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.chrismehat.com
Port: 587
Username: market@chrismehat.com
Password: vStcCO~Cyox6
Targets
-
Target
SC_UNMSM 06042021.exe
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-