General
Target: IMG_630_375_10.r01
Size: 237KB
Sample: 210420-69pa92mq8j
MD5: 13c502d3cf569fabfb2fb93fbd66c570
SHA1: 123c880585055339936677177ab89e242f1a5018
SHA256: 49ba87aa6289fa45606deacf3dc0edd27f341dd72c0d021a1d15a65e31a90c36
SHA512: 3b9d382a740f3bf5a37540961f9c7d301877c7b510dacffe7e636dff6ce777f731f52655e47b3d5754a8336272d7e00ff3b8ab0a705aa84b40b1852ebe9856df
Static task: static1
Behavioral task: behavioral1
  Sample: IMG_630_375_10.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: IMG_630_375_10.exe
  Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: x103860*&1333
Targets
Target: IMG_630_375_10.exe
Size: 258KB
MD5: 1ceae4d45ed09a9ed4d5c392a7654fa9
SHA1: ee4c9033fbb20d87723cb35333b5009086e9645c
SHA256: 9406ad52a87d220e0eae7b7a65a1870a72df536649d9600aca18ddce2263001f
SHA512: 79a71995f8b18386e584a1ac58b8ac180f7215b6f6af8adb3a2c893508fcdf5847309b18dae87e28dded6af45e38911c09d7a060b0203ba56d427ef313d36ae9
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Modifies WinLogon for persistence
- AgentTesla Payload
- Suspicious use of SetThreadContext