General
- Target: 9ee7860970dda59e4eb23bb9bb010bf5.exe
- Size: 36KB
- Sample: 210419-kzff21kjyn
- MD5: 9ee7860970dda59e4eb23bb9bb010bf5
- SHA1: 5bb2807519c91309121d91c019575c18f8b83b2d
- SHA256: a31924a3f39126f3f253c75ea5b787a4756b885828916ff5bd5b1c9ca9b95c59
- SHA512: 6dcfaa4e3b8457987b7750f0e31cb917af2d355eee7e343333c14b6ba8d12d31db17e7d4dd5809e5d168d3c715fdb70b38ddcc96d6050742b68c9cb68fc4a055
Static task: static1
Behavioral task: behavioral1
- Sample: 9ee7860970dda59e4eb23bb9bb010bf5.exe
- Resource: win7v20210408
Behavioral task: behavioral2
- Sample: 9ee7860970dda59e4eb23bb9bb010bf5.exe
- Resource: win10v20210408
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.orienttech.com.qa
- Port: 587
- Username: [email protected]
- Password: Op{^fLb9gN[!
Targets
- Target: 9ee7860970dda59e4eb23bb9bb010bf5.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext