General
Target: ApuE9QrdQxe7Um6.exe
Size: 525KB
Sample: 210408-w89garr9g6
MD5: 1576d49b794d95e60b27d069d144926a
SHA1: 8d56db68f570834b345a9f8749acb8b67f738409
SHA256: c97b8314f3d0b5396a70df9e3458be2f69d2d7891a86e02fa9b112dd0a6957ae
SHA512: 4a1f356958fa2253a9dbe8c2225368e67fb5f83f1f3ce0756041a7a7cf88600faf87cd11c7778778a9c697e3a246a31a8d2b37cd596e812ba9162783e63bde86
Static task: static1
Behavioral task: behavioral1
Sample: ApuE9QrdQxe7Um6.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: ApuE9QrdQxe7Um6.exe
Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.iykmoreentrprise.org
Port: 587
Username: office4@iykmoreentrprise.org
Password: rwkWCM328
Targets
Target: ApuE9QrdQxe7Um6.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext