General
Target: TRANSFERENCIA AL EXTERIOR U810295.exe
Size: 817KB
Sample: 210408-y3m323ex3n
MD5: 4897cf8fbfbdb2b327e5fa7806e720ad
SHA1: 48898211f2a6ebf635f2c178b98e8c680ebda3ad
SHA256: f6398abe67fd7faeccf89de7f810ee2767ee05f96a13821ba48f609aad5da75e
SHA512: 19d5b755da018374a6d7114d3471064bbb3f01f3a78cdc753bea456e906ddd1360a99aaffc24f57b9f7d641e8600498dbd1a8669aa9ab5bf25881f51f812e246
Static task: static1
Behavioral task: behavioral1
Sample: TRANSFERENCIA AL EXTERIOR U810295.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: TRANSFERENCIA AL EXTERIOR U810295.exe
Resource: win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.elernentsgrp.com
Port: 587
Username: aurora@elernentsgrp.com
Password: %IHiBbV4
Targets
Target: TRANSFERENCIA AL EXTERIOR U810295.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext