General
Target: A409043090.exe
Size: 268KB
Sample: 210408-w8vrhptera
MD5: fda0391d523a57e1619e915b7ea1001d
SHA1: a1f4735310111960c576662f526ea4dab27079ac
SHA256: 3f7c2fbbd1ded1f0068f438b1e8a9f30076577e234c6ef54c22956541d14b583
SHA512: 09d149849612a53547bcd7b8ca52ff5f1a6eb37e89a188fe4a6bc03d040c89283a234e5c1fbcdca145fcdecc1df639528a6a27eb5a7f033fd0946f824a9fd99d
Static task: static1
Behavioral task: behavioral1
Sample: A409043090.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: A409043090.exe
Resource: win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.1and1.com
Port: 587
Username: miguel.chiliguano@sismode.com
Password: Miguel1.2
Targets
Target: A409043090.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Loads dropped DLL
Suspicious use of SetThreadContext