General
-
Target
OC_UNMSM 5904263.exe
-
Size
805KB
-
Sample
210408-mhsavgzxcx
-
MD5
47ae34010e760d2a6d5487710e21db4d
-
SHA1
30c5995c0cd40ad5102953bef4e591bed55749b7
-
SHA256
2bab90115e107a01e2382c39f56afb09b4dcf0e788270d34867b83c872286295
-
SHA512
141687376bcc04744ba66c72cf0e1bc33a1db1550b3c10157f7d1dbc4db6168d9f85576f129d8f5b448ef6d6341bee3b5bea2de9e262c152e9a82771c1bb3eaa
Static task
static1
Behavioral task
behavioral1
Sample
OC_UNMSM 5904263.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
OC_UNMSM 5904263.exe
Resource
win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.chrismehat.com
Port: 587
Username: market@chrismehat.com
Password: vStcCO~Cyox6
Targets
-
-
Target
OC_UNMSM 5904263.exe
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-